PT-2019-14775 · Typo3 · Sr Freecap

Kai Ullrich · Published 2019-10-16 · Updated 2022-05-24 · CVE-2019-16699

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

sr freecap (aka freeCap CAPTCHA) extension versions 2.4.5 and below
sr freecap (aka freeCap CAPTCHA) extension versions 2.5.2 and below

Description

Due to a failure to sanitize user input, the issue allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.

Recommendations

For sr freecap (aka freeCap CAPTCHA) extension versions 2.4.5 and below, update to a version above 2.4.5 to resolve the issue.
For sr freecap (aka freeCap CAPTCHA) extension versions 2.5.2 and below, update to a version above 2.5.2 to resolve the issue.

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2019-16699
GHSA-598P-RV6P-G7QC

Affected products

Sr Freecap