Kai Ullrich

Pesquisador deCode White GmbH
#15902de 53,640
17CVSS total
Vulnerabilidades · 2
Alta
1
Crítica
1
PT-2019-15979
7.2
2019-12-17
Typo3 · Typo3 · CVE-2019-19848
**Name of the Vulnerable Software and Affected Versions** TYPO3 versions prior to 8.7.30 TYPO3 versions 9.x prior to 9.5.12 TYPO3 versions 10.x prior to 10.2.2 **Description** An issue has been discovered in the extraction of manually uploaded ZIP archives in the Extension Manager, which is vulnerable to directory traversal. This issue requires admin privileges to exploit, and in versions 9 LTS and later, System Maintainer privileges are also required. **Recommendations** For versions prior to 8.7.30, update to version 8.7.30 or later. For versions 9.x prior to 9.5.12, update to version 9.5.12 or later. For versions 10.x prior to 10.2.2, update to version 10.2.2 or later.
PT-2019-14775
9.8
2019-10-16
Typo3 · Sr Freecap · CVE-2019-16699
**Name of the Vulnerable Software and Affected Versions** sr freecap (aka freeCap CAPTCHA) extension versions 2.4.5 and below sr freecap (aka freeCap CAPTCHA) extension version 2.5.2 and below **Description** The issue allows execution of arbitrary Extbase actions, resulting in Remote Code Execution due to the failure to sanitize user input. **Recommendations** For sr freecap (aka freeCap CAPTCHA) extension versions 2.4.5 and below, update to a version above 2.4.5 to resolve the issue. For sr freecap (aka freeCap CAPTCHA) extension version 2.5.2 and below, update to a version above 2.5.2 to resolve the issue.