CVE-2019-19849
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2019-19849
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19849.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2019-19849
- Aliases
- Published
- 2019-12-17T17:15:17Z
- Modified
- 2024-09-03T02:35:30.928634Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. It has been discovered that the classes QueryGenerator and QueryView are vulnerable to insecure deserialization. One exploitable scenario requires having the system extension ext:lowlevel (Backend Module: DB Check) installed, with a valid backend user who has administrator privileges. The other exploitable scenario requires having the system extension ext:sys_action installed, with a valid backend user who has limited privileges.
- References
Affected packages
Git / github.com/typo3/typo3
Affected ranges
- Type
- GIT
- Repo
- https://github.com/typo3/typo3
- Events
- Type
- GIT
- Repo
- https://github.com/typo3/typo3.cms
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
6.*
6.2.0
6.2.1
6.2.2
6.2.3
7.*
7.0.0
7.1.0
7.2.0
7.3.0
7.4.0
7.5.0
7.6.0
7.6.1
7.6.2
8.*
8.0.0
8.1.0
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.7.1
8.7.10
8.7.11
8.7.12
8.7.13
8.7.14
8.7.15
8.7.16
8.7.17
8.7.18
8.7.19
8.7.2
8.7.20
8.7.21
8.7.22
8.7.23
8.7.24
8.7.25
8.7.26
8.7.27
8.7.28
8.7.29
8.7.4
8.7.5
8.7.6
8.7.7
8.7.8
8.7.9
Other
TYPO3_6-1-0rc1
TYPO3_6-2-0
TYPO3_6-2-0alpha1
TYPO3_6-2-0alpha2
TYPO3_6-2-0alpha3
TYPO3_6-2-0beta1
TYPO3_6-2-0beta2
TYPO3_6-2-0beta3
TYPO3_6-2-0beta4
TYPO3_6-2-0beta5
TYPO3_6-2-0beta6
TYPO3_6-2-0beta7
TYPO3_6-2-0rc1
TYPO3_6-2-0rc2
TYPO3_6-2-1
TYPO3_6-2-2
TYPO3_6-2-3
TYPO3_7-0-0
TYPO3_7-1-0
TYPO3_7-2-0
TYPO3_7-3-0
TYPO3_7-4-0
TYPO3_7-5-0
TYPO3_7-6-0
TYPO3_7-6-1
TYPO3_7-6-2
TYPO3_8-0-0
TYPO3_8-1-0
TYPO3_8-2-0
TYPO3_8-3-0
TYPO3_8-4-0
TYPO3_8-5-0
TYPO3_8-6-0
TYPO3_8-7-0
TYPO3_8-7-1
TYPO3_8-7-10
TYPO3_8-7-11
TYPO3_8-7-12
TYPO3_8-7-13
TYPO3_8-7-14
TYPO3_8-7-15
TYPO3_8-7-16
TYPO3_8-7-17
TYPO3_8-7-18
TYPO3_8-7-19
TYPO3_8-7-2
TYPO3_8-7-20
TYPO3_8-7-21
TYPO3_8-7-22
TYPO3_8-7-23
TYPO3_8-7-24
TYPO3_8-7-25
TYPO3_8-7-26
TYPO3_8-7-27
TYPO3_8-7-28
TYPO3_8-7-29
TYPO3_8-7-4
TYPO3_8-7-5
TYPO3_8-7-6
TYPO3_8-7-7
TYPO3_8-7-8
TYPO3_8-7-9
v10.*
v10.0.0
v10.1.0
v10.2.0
v10.2.1
v8.*
v8.7.10
v8.7.11
v8.7.12
v8.7.13
v8.7.14
v8.7.15
v8.7.16
v8.7.17
v8.7.18
v8.7.19
v8.7.20
v8.7.21
v8.7.22
v8.7.23
v8.7.24
v8.7.25
v8.7.26
v8.7.27
v8.7.28
v8.7.29
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9