CVE-2019-19850

MEDIUM Year: 2019
CVSS v3 Score
5.5
Medium
CVSS v2 Score
6.5
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.

Related Vulnerabilities

CVE-2017-20195

MEDIUM
CVSS:5.5(Medium)

A vulnerability was found in LUNAD3v AreaLoad up to 1a1103182ed63a06dde63d1712f3262eda19c3ec. It has been rated as critical. This issue affects some unknown processing of the file request.php. The man...

CWE-892017

CVE-2018-9493

MEDIUM
CVSS:5.5(Medium)

In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privil...

CWE-892018

CVE-2019-2196

MEDIUM
CVSS:5.5(Medium)

In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.P...

CWE-892019

CVE-2019-2198

MEDIUM
CVSS:5.5(Medium)

In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed fo...

CWE-892019

CVE-2020-0344

MEDIUM
CVSS:5.5(Medium)

In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n...

CWE-892020

CVE-2020-0352

MEDIUM
CVSS:5.5(Medium)

In MediaProvider, there is a possible permissions bypass due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not n...

CWE-892020