TYPO3 CMS is vulnerable to SQL injection. CVE-2019-19850

-

It has been discovered that TYPO3 CMS is vulnerable to SQL injection.
  • Component Type: TYPO3 CMS
  • Subcomponent: Query Generator (ext:lowlevel)
  • Release Date: December 17, 2019
  • Vulnerability Type: SQL Injection
  • Affected Versions: 8.0.0-8.7.29 and 9.0.0-9.5.11 and 10.0.0-10.2.0
  • Severity: Medium
  • Suggested CVSS v3.1: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N/E:F/RL:O/RC:C
  • CVE: CVE-2019-19850

Problem Description

Failing to properly escape user submitted content, class QueryGenerator is vulnerable to SQL injection.
Having system extension ext:lowlevel installed and a valid backend user having administrator privileges are required to exploit this vulnerability.

Solution

Update to TYPO3 versions 8.7.30 or 9.5.12 or 10.2.2 that fix the problem described.

Credits

Thanks to Dhiraj Shrikant Datar (Zacco CyberSecurity Research Labs) who reported this issue and to TYPO3 framework merger Frank Nägler  who fixed the issue.

General Advice

Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list.

General Note

All security related code changes are tagged so that you can easily look them up in our review system.

Comments

Post a Comment

Popular posts from this blog

HTTP Host header attacks against web proxy disclaimer response webpage CVE-2017-14190

-
HTTP Host header attacks against web proxy disclaimer response webpage Summary The FortiOS web proxy disclaimer page is potentially vulnerable to an XSS attack, via maliciously crafted "Host" headers in user HTTP requests. The latter is possible if an attacker is in a Man-in-the-middle position (i.e. able to modify the HTTP requests of the potential victim before they reach the web proxy), or poisons a web cache used by the potential victim. In the latter attack scenario, the tainted disclaimer web page being cached, the XSS attack can be considered as persistent. Impact Persistent Cross-site Scripting (XSS) CVE ID CVE-2017-14190 Affected Products FortiOS 5.6.0 to 5.6.2 FortiOS 5.4.0 to 5.4.7 FortiOS 5.2 and lower versions. Solutions FortiOS 5.6 branch: Upgrade to 5.6.3 FortiOS 5.4 branch: Upgrade to 5.4.8 For...
Read more

VMware vRealize Operations Tenant App update addresses Information Disclosure Vulnerability (CVE-2021-22034)

-
  1. Impacted Products VMware vRealize Operations Tenant App for VMware Cloud Director 2. Introduction An information disclosure vulnerability in VMware vRealize Operations Tenant App for VMware Cloud Director was privately reported to VMware. Patch is available to address this vulnerability in impacted VMware products.  3. Information Disclosure Vulnerability in VMware vRealize Operations Tenant App for VMware Cloud Director (CVE-2021-22034) Description T...
Read more