CVE-2019-16700

The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.
Configurations

Configuration 1 (hide)

cpe:2.3:a:slub-dresden:slub_events:*:*:*:*:*:typo3:*:*

History

21 Nov 2024, 04:31

Type Values Removed Values Added
References () https://extensions.typo3.org/extension/slub_events - Third Party Advisory () https://extensions.typo3.org/extension/slub_events - Third Party Advisory
References () https://typo3.org/security/advisory/typo3-ext-sa-2019-017/ - Third Party Advisory () https://typo3.org/security/advisory/typo3-ext-sa-2019-017/ - Third Party Advisory

Information

Published : 2019-10-16 19:15

Updated : 2024-11-21 04:31


NVD link : CVE-2019-16700

Mitre link : CVE-2019-16700

CVE.ORG link : CVE-2019-16700


JSON object : View

Products Affected

slub-dresden

  • slub_events
CWE
CWE-434

Unrestricted Upload of File with Dangerous Type