PT-2017-3962 · Typo3 · Typo3

Alex Kellner

Publicado

2017-01-23

Atualizado

2022-05-17

CVE-2016-5091

CVSS v2.0

Alta

Vetor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.3.0 through 6.2.24 TYPO3 versions 7.x through 7.6.8 TYPO3 version 8.1.1

Description The issue allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. It is caused by deserialization problems in the Extbase extension of the TYPO3 content management system. Exploitation of the issue may allow a remote attacker to execute arbitrary code.

Recommendations For TYPO3 versions 4.3.0 through 6.2.24, update to version 6.2.24 or later. For TYPO3 versions 7.x through 7.6.8, update to version 7.6.8 or later. For TYPO3 version 8.1.1, update to a later version.

Exploit

Correção

RCE

Use of a Broken Cryptographic Algorithm

Information Disclosure

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-254CWE-20CWE-327CWE-325CWE-200CWE-502

Identificadores relacionados

BDU:2020-04846

CVE-2016-5091

GHSA-JXG5-35FJ-CCWF

GHSA-M5VR-3M74-JWXP

Produtos afetados

Typo3

PT-2017-3962 · Typo3 · Typo3

CVE-2016-5091

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 18