Home > Vulnerability Database > WS-2018-0049

Mend.io Vulnerability Database

WS-2018-0049

Good to know:

Date: November 22, 2016

Insecure Unserialize vulnerability in TYPO3 6.2.0 before 6.2.29, 7.6.0 before 7.6.13 and 8.0.0 before 8.4.1. Failing to properly validate incoming data, the suggest wizard is susceptible to insecure unserialize. To exploit this vulnerability a valid backend user account is needed.

Language: PHP

Severity Score

5.0

Related Resources (3)

Url: https://github.com/TYPO3/TYPO3.CMS/commit/d3f562259e5ebb2e95f7ba2a2aa2596746646280

Url: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-023/

Url: https://www.mend.io/vulnerability-database/WS-2018-0049

Severity Score

5.0

Weakness Type (CWE)

Deserialization of Untrusted Data

CWE-502

Top Fix

Upgrade Version

Upgrade to version TYPO3_6-2-29,TYPO3_7-6-13,TYPO3_8-4-1

Learn More

CVSS v3.1

Base Score:	5.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

WS-2018-0049

Good to know:

Date: November 22, 2016

Language: PHP

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?