CVE-2019-16700 – slub/slub-events

Package

Manager: composer
Name: slub/slub-events
Vulnerable Version: >=0 <3.0.3

Severity

Level: Critical

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.02148 pctl0.83583

Details

slub_events for Typo3 Arbitrary File Upload The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.

Metadata

Created: 2022-05-24T16:58:56Z
Modified: 2023-08-01T22:40:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5pww-3mfc-g8vr/GHSA-5pww-3mfc-g8vr.json
CWE IDs: ["CWE-434"]
Alternative ID: GHSA-5pww-3mfc-g8vr
Finding: F027
Auto approve: 1