PT-2019-15979 · Typo3 · Typo3

Kai Ullrich · Published 2019-12-17 · Updated 2024-03-12 · CVE-2019-19848

CVSS v3.1: 7.2 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

TYPO3 versions prior to 8.7.30
TYPO3 versions 9.x prior to 9.5.12
TYPO3 versions 10.x prior to 10.2.2

Description

An issue has been discovered in the extraction of manually uploaded ZIP archives in the Extension Manager, which is vulnerable to directory traversal. This issue requires admin privileges to exploit, and in versions 9 LTS and later, System Maintainer privileges are also required.

Recommendations

For versions prior to 8.7.30, update to version 8.7.30 or later.
For versions 9.x prior to 9.5.12, update to version 9.5.12 or later.
For versions 10.x prior to 10.2.2, update to version 10.2.2 or later.

Exploit

Fix

Path traversal

Weakness Enumeration

Related identifiers

CVE-2019-19848
GHSA-77P4-WFR8-977W

Affected products

Typo3