TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.
Max CVSS
9.3
EPSS Score
0.78%
Published
2019-05-09
Updated
2019-05-13
TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 contains an insecure default value of the variable fileDenyPattern which could allow remote attackers to execute arbitrary code on the backend.
Max CVSS
8.8
EPSS Score
0.77%
Published
2019-11-04
Updated
2019-11-05
2 vulnerabilities found