Description

TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.

Remediation

References

CVE-2019-11832

Related Vulnerabilities

Oracle Database Server Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2007-5508)

WordPress Plugin UserPro-Community and User Profile Privilege Escalation (4.9.27)

IBM RTC Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2016-0325)

phpList CVE-2023-27576 Vulnerability (CVE-2023-27576)

SugarCRM Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2019-17313)

Severity

High

Classification

CVE-2019-11832 CWE-20 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities