CVE-2019-16699 sjbr/sr-freecap

Package

Manager: composer
Name: sjbr/sr-freecap
Vulnerable Version: >=2.5.0 <2.5.3 || >=0 <2.4.6

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02481 (percentile: 0.84721)

Details

sr_freecap for Typo3 RCE Vulnerability

The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.

Metadata

Created: 2022-05-24T16:58:56Z
Modified: 2023-09-26T16:45:55Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-598p-rv6p-g7qc/GHSA-598p-rv6p-g7qc.json
CWE IDs: ["CWE-20"]
Alternative ID: GHSA-598p-rv6p-g7qc
Finding: F184
Auto approve: 1