logo

Database

Insecure deserialization In typo3/cms

Description

Insecure Unserialize in TYPO3 Import/Export Failing to properly validate incoming import data, the Import/Export component is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-xvcp-33rc-j8gq

References

1. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-07-19-2.yaml2. https://typo3.org/security/advisory/typo3-core-sa-2016-015

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.