Vulnerability Description
The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Slub-Dresden | Slub Events | <= 3.0.2 |
Related Weaknesses (CWE)
References
- https://extensions.typo3.org/extension/slub_eventsThird Party Advisory
- https://typo3.org/security/advisory/typo3-ext-sa-2019-017/Third Party Advisory
- https://extensions.typo3.org/extension/slub_eventsThird Party Advisory
- https://typo3.org/security/advisory/typo3-ext-sa-2019-017/Third Party Advisory
FAQ
What is CVE-2019-16700?
CVE-2019-16700 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Executi...
How severe is CVE-2019-16700?
CVE-2019-16700 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-16700?
Check the references section above for vendor advisories and patch information. Affected products include: Slub-Dresden Slub Events.