GHSA-598p-rv6p-g7qc

Suggest an improvement
Source
https://github.com/advisories/GHSA-598p-rv6p-g7qc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-598p-rv6p-g7qc/GHSA-598p-rv6p-g7qc.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-598p-rv6p-g7qc
Aliases
  • CVE-2019-16699
Published
2022-05-24T16:58:56Z
Modified
2024-02-22T05:31:43.421936Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
sr_freecap for Typo3 RCE Vulnerability
Details

The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.

Database specific
{
    "nvd_published_at": "2019-10-16T19:15:00Z",
    "cwe_ids": [
        "CWE-20"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2023-07-18T18:46:29Z"
}
References

Affected packages

Packagist / sjbr/sr-freecap

Package

Name
sjbr/sr-freecap
Purl
pkg:composer/sjbr/sr-freecap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5.0
Fixed
2.5.3

Affected versions

2.*

2.5.0
2.5.1
2.5.2

Packagist / sjbr/sr-freecap

Package

Name
sjbr/sr-freecap
Purl
pkg:composer/sjbr/sr-freecap

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.6

Affected versions

2.*

2.3.1
2.4.0
2.4.4
2.4.5