The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.
References
Link | Resource |
---|---|
https://extensions.typo3.org/extension/slub_events | Third Party Advisory |
https://typo3.org/security/advisory/typo3-ext-sa-2019-017/ | Third Party Advisory |
https://extensions.typo3.org/extension/slub_events | Third Party Advisory |
https://typo3.org/security/advisory/typo3-ext-sa-2019-017/ | Third Party Advisory |
Configurations
History
21 Nov 2024, 04:31
Type | Values Removed | Values Added |
---|---|---|
References | () https://extensions.typo3.org/extension/slub_events - Third Party Advisory | |
References | () https://typo3.org/security/advisory/typo3-ext-sa-2019-017/ - Third Party Advisory |
Information
Published : 2019-10-16 19:15
Updated : 2024-11-21 04:31
NVD link : CVE-2019-16700
Mitre link : CVE-2019-16700
CVE.ORG link : CVE-2019-16700
JSON object : View
Products Affected
slub-dresden
- slub_events
CWE
CWE-434
Unrestricted Upload of File with Dangerous Type