CVE-2019-19848 MEDIUM

CVE-2019-19848

Vendor N/A
Product n/a
Published December 17, 2019
Last update August 5, 2024

CVSS base score

6.8/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:H/S:U/UI:R

What the vulnerability does

01Description

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the extraction of manually uploaded ZIP archives in Extension Manager is vulnerable to directory traversal. Admin privileges are required in order to exploit this vulnerability. (In v9 LTS and later, System Maintainer privileges are also required.)

Key dates

02Disclosure timeline

December 17, 2019 CVE published
August 5, 2024 Record updated