Deserialization Vulnerability in TYPO3 by TYPO3 Association
CVE-2019-12747

8.8HIGH

Key Information:

Vendor: Typo3
Status: Typo3
Vendor: CVE Published:; 9 July 2019

What is CVE-2019-12747?

TYPO3 versions 8.x up to 8.7.26 and 9.x up to 9.5.7 are affected by a deserialization vulnerability that allows attackers to send untrusted data to the server. This can potentially lead to unauthorized code execution and compromise the integrity and confidentiality of the system. Organizations using these versions should apply the necessary patches available from the official TYPO3 security advisory to mitigate the risk.

References

https://typo3.org/security/advisory/typo3-core-sa-2019-020/

x_refsource_CONFIRM

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jul 9, 2019
Vulnerability Reserved
Jun 6, 2019

Typo3

What is CVE-2019-12747?

References

CVSS V3.1

Timeline