Synopsis
The remote web server contains a PHP script that is affected by multiple vulnerabilities.
Description
The version of TYPO3 installed on the remote host is 8.x prior to 8.7.30, 9.x prior to 9.5.12 or 10.x prior to 10.2.2.
It is, therefore, affected by multiple vulnerabilities:
- A directory traversal vulnerability exists in TYPO3's extension manager. An authenticated, remote attacker can exploit this, by sending a URI that contains directory traversal characters, to disclose the contents of files located outside of the server's restricted path (CVE-2019-19848).
- An insecure deserialization vulnerability exists in TYPO3's QueryGenerator & QueryView classes. An authenticated, remote attacker could exploit this, via a specially crafted object, to execute arbitrary code on an affected host (CVE-2019-19849).
- A SQL injection (SQLi) vulnerability exists in TYPO3's QueryGenerator class due to improper validation of user-supplied input. An authenticated, remote attacker can exploit this to inject or manipulate SQL queries in the back-end database, resulting in the disclosure or manipulation of arbitrary data (CVE-2019-19850).
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version.
Solution
Upgrade to TYPO3 8.7.30, 9.5.12, 10.2.2 or later.
Plugin Details
File Name: typo3_10_2_2.nasl
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:typo3:typo3
Required KB Items: www/PHP, installed_sw/TYPO3
Exploit Ease: No known exploits are available
Patch Publication Date: 12/17/2019
Vulnerability Publication Date: 12/17/2019