Lucene search
GoogleOSV:GHSA-77P4-WFR8-977WHistoryMay 24, 2022 - 5:03 p.m.
TYPO3 Directory Traversal on ZIP extraction
2022-05-2417:03:52
Google
osv.dev
5
typo3
zip extraction
directory traversal
vulnerability
extension manager
admin privileges
system maintainer
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)
References
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms-core/CVE-2019-19848.yaml
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2019-19848.yaml
nvd.nist.gov/vuln/detail/CVE-2019-19848
review.typo3.org/q/%2522Resolves:+%252388764%2522+topic:security
typo3.org/security/advisory/typo3-core-sa-2019-024
Related
veracode
veracode
Directory Traversal
2019-12-18 02:06:20
prion
prion
Directory traversal
2019-12-17 17:15:00
friendsofphp
friendsofphp
Directory Traversal on ZIP extraction
2019-12-17 09:50:57
Directory Traversal on ZIP extraction
2019-12-17 09:50:57
cve
cve
CVE-2019-19848
2019-12-17 17:15:17
nvd
nvd
CVE-2019-19848
2019-12-17 17:15:17
osv
osv
CVE-2019-19848
2019-12-17 17:15:17
typo3
typo3
Directory Traversal on ZIP extraction
2019-12-17 00:00:00
cvelist
cvelist
CVE-2019-19848
2019-12-17 16:02:50
github
github
TYPO3 Directory Traversal on ZIP extraction
2022-05-24 17:03:52
openvas
openvas
nessus
nessus
TYPO3 8.x < 8.7.30 / 9.x < 9.5.12 / 10.x < 10.2.2 Multiple Vulnerabilities
2020-07-15 00:00:00