PT-2019-15980 · Typo3

Daniel Windloff · Published 2019-12-17 · Updated 2022-05-24 · CVE-2019-19849

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

TYPO3 versions prior to 8.7.30
TYPO3 versions 9.x prior to 9.5.12
TYPO3 versions 10.x prior to 10.2.2

Description

An issue has been discovered in the classes QueryGenerator and QueryView, which are vulnerable to insecure deserialization. There are two exploitable scenarios: one requires the system extension ext:lowlevel (Backend Module: DB Check) to be installed, together with a valid backend user having administrator privileges; the other requires the system extension ext:sys_action to be installed, together with a valid backend user having limited privileges.

Recommendations

For versions prior to 8.7.30, update to version 8.7.30 or later.
For versions 9.x prior to 9.5.12, update to version 9.5.12 or later.
For versions 10.x prior to 10.2.2, update to version 10.2.2 or later.
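As an added example, not part of this advisory: a small Python triage helper that checks an installed TYPO3 version string against the affected ranges listed above and reports the release the advisory recommends for that branch. The function names and the sample version strings are assumptions.

```python
import re

# Fixed releases from the advisory, keyed by the branch they apply to.
# "Versions prior to 8.7.30" covers every release below 8.7.30, including
# older major branches, so 8.7.30 is the floor for anything with major <= 8.
FIXED_IN = {
    8: (8, 7, 30),
    9: (9, 5, 12),
    10: (10, 2, 2),
}


def parse_version(version):
    """Turn '9.5.11' or '10.2.1-dev' into a (major, minor, patch) tuple."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError("unrecognised TYPO3 version string: %r" % version)
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def check_cve_2019_19849(version):
    """Return (affected, fixed_in) for the given TYPO3 version string.

    fixed_in is the release the advisory recommends for that branch, or None
    when the branch is outside the advisory's scope (11.x and later).
    """
    v = parse_version(version)
    branch = 8 if v[0] <= 8 else v[0]
    fixed = FIXED_IN.get(branch)
    if fixed is None:
        return (False, None)
    return (v < fixed, ".".join(str(n) for n in fixed))


if __name__ == "__main__":
    # Constructed sample inventory: one version on each side of every boundary.
    for sample in ("7.6.40", "8.7.29", "8.7.30", "9.5.11", "9.5.12",
                   "10.2.1", "10.2.2", "11.5.0"):
        affected, fixed = check_cve_2019_19849(sample)
        state = "AFFECTED, update to %s" % fixed if affected else "not affected"
        print("TYPO3 %-8s %s" % (sample, state))
```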


Weakness Enumeration

Deserialization of Untrusted Data

Related identifiers

CVE-2019-19849
GHSA-RCGC-4XFC-564V

Affected products

Typo3