PT-2019-14775 · Typo3 · Sr Freecap

Kai Ullrich · Published 2019-10-16 · Updated 2022-05-24 · CVE-2019-16699

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

sr freecap (aka freeCap CAPTCHA) extension versions 2.4.5 and below
sr freecap (aka freeCap CAPTCHA) extension version 2.5.2 and below

Description

The issue allows execution of arbitrary Extbase actions, resulting in Remote Code Execution due to the failure to sanitize user input.

Recommendations

For sr freecap (aka freeCap CAPTCHA) extension versions 2.4.5 and below, update to a version above 2.4.5 to resolve the issue.
For sr freecap (aka freeCap CAPTCHA) extension version 2.5.2 and below, update to a version above 2.5.2 to resolve the issue.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2019-16699
GHSA-598P-RV6P-G7QC

Affected Products

Sr Freecap