CVE-2019-19850

Name of the Vulnerable Software and Affected Versions TYPO3 versions prior to 8.7.30 TYPO3 versions 9.x prior to 9.5.12 TYPO3 versions 10.x prior to 10.2.2

Description The issue is related to the mishandling of escaping of user-submitted content, making the class QueryGenerator vulnerable to SQL injection. Exploitation of this issue requires the system extension ext:lowlevel to be installed and a valid backend user with administrator privileges.

Recommendations For versions prior to 8.7.30, update to version 8.7.30 or later. For versions 9.x prior to 9.5.12, update to version 9.5.12 or later. For versions 10.x prior to 10.2.2, update to version 10.2.2 or later.