CVE-2019-19850

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-19850
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-19850.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-19850
Aliases
Published
2019-12-17T17:15:18Z
Modified
2025-02-19T02:58:02.419828Z
Severity
  • 7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.

References

Affected packages

Git / github.com/typo3/typo3

Affected ranges

Type
GIT
Repo
https://github.com/typo3/typo3
Events
Type
GIT
Repo
https://github.com/typo3/typo3.cms
Events

Affected versions

8.*

8.0.0
8.1.0
8.2.0
8.3.0
8.4.0
8.5.0
8.6.0
8.7.0
8.7.1
8.7.10
8.7.11
8.7.12
8.7.13
8.7.14
8.7.15
8.7.16
8.7.17
8.7.18
8.7.19
8.7.2
8.7.20
8.7.21
8.7.22
8.7.23
8.7.24
8.7.25
8.7.26
8.7.27
8.7.28
8.7.29
8.7.4
8.7.5
8.7.6
8.7.7
8.7.8
8.7.9

Other

TYPO3_8-0-0
TYPO3_8-1-0
TYPO3_8-2-0
TYPO3_8-3-0
TYPO3_8-4-0
TYPO3_8-5-0
TYPO3_8-6-0
TYPO3_8-7-0
TYPO3_8-7-1
TYPO3_8-7-10
TYPO3_8-7-11
TYPO3_8-7-12
TYPO3_8-7-13
TYPO3_8-7-14
TYPO3_8-7-15
TYPO3_8-7-16
TYPO3_8-7-17
TYPO3_8-7-18
TYPO3_8-7-19
TYPO3_8-7-2
TYPO3_8-7-20
TYPO3_8-7-21
TYPO3_8-7-22
TYPO3_8-7-23
TYPO3_8-7-24
TYPO3_8-7-25
TYPO3_8-7-26
TYPO3_8-7-27
TYPO3_8-7-28
TYPO3_8-7-29
TYPO3_8-7-4
TYPO3_8-7-5
TYPO3_8-7-6
TYPO3_8-7-7
TYPO3_8-7-8
TYPO3_8-7-9

v8.*

v8.7.10
v8.7.11
v8.7.12
v8.7.13
v8.7.14
v8.7.15
v8.7.16
v8.7.17
v8.7.18
v8.7.19
v8.7.20
v8.7.21
v8.7.22
v8.7.23
v8.7.24
v8.7.25
v8.7.26
v8.7.27
v8.7.28
v8.7.29
v8.7.4
v8.7.5
v8.7.6
v8.7.7
v8.7.8
v8.7.9

v9.*

v9.0.0
v9.1.0
v9.2.0
v9.3.0
v9.4.0
v9.5.0
v9.5.1
v9.5.10
v9.5.11
v9.5.2
v9.5.3
v9.5.4
v9.5.5
v9.5.6
v9.5.7
v9.5.8
v9.5.9