typo3 | TYPO3 Association | TYPO3-EXT-SA-2021-017
History: Nov 10, 2021 - 12:00 a.m.

Multiple vulnerabilities in extension "pixx.io integration for TYPO3 (DAM)" (pixxio)

2021-11-10 00:00:00
TYPO3 Association
typo3.org

EPSS: 0.003 Low
Percentile: 70.2%

The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in server-side request forgery (SSRF). As a result of the SSRF vulnerability, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in remote code execution. A TYPO3 backend user account is required to exploit both vulnerabilities.
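
The two checks whose absence the advisory describes, pinning the download URL to the configured DAM origin and constraining the saved file name, can be sketched as follows. This is an added example, not code from the pixxio extension; the function names, the `dam.example.com` host and the extension allowlist are assumptions.

```php
<?php
declare(strict_types=1);

/** Accept a download URL only if it points at the configured DAM origin. */
function isAllowedDamUrl(string $url, string $configuredDamUrl): bool
{
    $u = parse_url($url);
    $c = parse_url($configuredDamUrl);
    if (!is_array($u) || !is_array($c) || !isset($u['scheme'], $u['host'], $c['host'])) {
        return false;
    }
    // Embedded credentials ("https://dam.example.com@other.host/") are refused.
    if (isset($u['user']) || isset($u['pass'])) {
        return false;
    }
    // HTTPS only, exact host match (no suffix or substring match), same port.
    return strtolower($u['scheme']) === 'https'
        && strtolower($u['host']) === strtolower($c['host'])
        && ($u['port'] ?? 443) === ($c['port'] ?? 443);
}

/** Reduce a requested name to a flat file name with an allowlisted image extension. */
function safeImageFilename(string $requested): ?string
{
    $allowed = ['jpg', 'jpeg', 'png', 'gif', 'webp']; // assumed allowlist
    // Drop any directory part, then replace everything outside a safe charset.
    $name = basename(str_replace('\\', '/', $requested));
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', $name) ?? '';
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    // Reject empty names, dotfiles and non-image extensions.
    if ($name === '' || $name[0] === '.' || !in_array($ext, $allowed, true)) {
        return null;
    }
    // Reject double extensions such as "name.php.jpg".
    return substr_count($name, '.') === 1 ? $name : null;
}

// Constructed sample input.
$dam = 'https://dam.example.com';
var_dump(isAllowedDamUrl('https://dam.example.com/files/1.jpg', $dam));
var_dump(isAllowedDamUrl('https://dam.example.com.other.example/1.jpg', $dam));
var_dump(isAllowedDamUrl('https://dam.example.com@other.example/1.jpg', $dam));
var_dump(safeImageFilename('photo_01.jpg'));
var_dump(safeImageFilename('../../typo3conf/ext/x.php'));
var_dump(safeImageFilename('name.php.jpg'));
```

The URL check only holds if the HTTP client that performs the download does not follow redirects to other hosts, so redirects should be disabled or each redirect target re-validated with the same function.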

| CPE | Name | Operator | Version |
| --- | --- | --- | --- |
| | pixxio | le | 1.0.4 |
