Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS01cHd3LTNtZmMtZzh2cs4AAiZr
slub_events for TYPO3 Arbitrary File Upload
The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.
Permalink: https://github.com/advisories/GHSA-5pww-3mfc-g8vr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS01cHd3LTNtZmMtZzh2cs4AAiZr
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: almost 2 years ago
Updated: 10 months ago
CVSS Score: 9.8
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Identifiers: GHSA-5pww-3mfc-g8vr, CVE-2019-16700
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-16700
- https://extensions.typo3.org/extension/slub_events
- https://typo3.org/security/advisory/typo3-ext-sa-2019-017/
- https://github.com/advisories/GHSA-5pww-3mfc-g8vr
Affected Packages
packagist:slub/slub-events
Dependent packages: 0
Dependent repositories: 1
Downloads: 223 total
Affected Version Ranges: < 3.0.3
Fixed in: 3.0.3
All affected versions: 2.2.0, 2.2.1, 2.2.2, 2.3.0, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 3.0.0, 3.0.1, 3.0.2
All unaffected versions: 3.0.3, 4.0.0, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.1.0, 5.1.1, 5.1.2, 5.1.3