PT-2019-14776 · Unknown · Slub Events

Torben Hansen · Published 2019-10-16 · Updated 2022-05-24 · CVE-2019-16700

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

slub events extension versions 1.2.2 and earlier
slub events extension versions later than 1.2.2 through 3.0.2

Description

The issue allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.

Recommendations

For versions 1.2.2 and earlier, update to a version later than 1.2.2 to prevent Remote Code Execution. For versions later than 1.2.2 through 3.0.2, restrict file upload capabilities to prevent Denial of Service. As a temporary workaround, consider disabling file upload functionality until a patch is available.

Fix

Unrestricted File Upload


Weakness Enumeration

Related Identifiers

CVE-2019-16700
GHSA-5PWW-3MFC-G8VR

Affected Products

Slub Events