CVE-2021-43562

Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Published: 10/11/2021 Updated: 16/11/2021

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

An issue exists in the pixxio (aka pixx.io integration or DAM) extension prior to 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured pixx.io DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this.

Vulnerable Product	Search on Vulmon	Subscribe to Product
pixxio pixx.io

CWE-918 https://typo3.org/security/advisory/typo3-ext-sa-2021-017 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Product List Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-43562

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect