CVE-2021-43562

Name of the Vulnerable Software and Affected Versions pixxio extension for TYPO3 versions prior to 1.0.6

Description An issue in the pixxio extension for TYPO3 allows an attacker to exploit a Server-Side Request Forgery (SSRF) vulnerability. This occurs because the extension fails to restrict image downloads to the configured pixx.io DAM URL. As a result, an attacker can download content from a remote location and save it to a user-controlled filename, potentially leading to Remote Code Execution. Exploitation requires a TYPO3 backend user account.

Recommendations For versions prior to 1.0.6, update to version 1.0.6 or later to resolve the issue.