Vulnerability Details CVE-2019-16700
The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.021
EPSS Ranking 83.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2019-16700
- cpe:2.3:a:slub-dresden:slub_events:1.0.10
- cpe:2.3:a:slub-dresden:slub_events:1.0.11
- cpe:2.3:a:slub-dresden:slub_events:1.0.15
- cpe:2.3:a:slub-dresden:slub_events:1.0.17
- cpe:2.3:a:slub-dresden:slub_events:1.0.19
- cpe:2.3:a:slub-dresden:slub_events:1.0.26
- cpe:2.3:a:slub-dresden:slub_events:1.0.7
- cpe:2.3:a:slub-dresden:slub_events:1.0.8
- cpe:2.3:a:slub-dresden:slub_events:1.1.0
- cpe:2.3:a:slub-dresden:slub_events:1.1.1
- cpe:2.3:a:slub-dresden:slub_events:1.1.5
- cpe:2.3:a:slub-dresden:slub_events:1.1.8
- cpe:2.3:a:slub-dresden:slub_events:1.2.0
- cpe:2.3:a:slub-dresden:slub_events:1.2.2
- cpe:2.3:a:slub-dresden:slub_events:1.4.0
- cpe:2.3:a:slub-dresden:slub_events:1.4.1
- cpe:2.3:a:slub-dresden:slub_events:1.4.2
- cpe:2.3:a:slub-dresden:slub_events:2.2.0
- cpe:2.3:a:slub-dresden:slub_events:2.3.0
- cpe:2.3:a:slub-dresden:slub_events:2.4.0
- cpe:2.3:a:slub-dresden:slub_events:2.4.1
- cpe:2.3:a:slub-dresden:slub_events:2.4.2
- cpe:2.3:a:slub-dresden:slub_events:2.4.3
- cpe:2.3:a:slub-dresden:slub_events:3.0.0
- cpe:2.3:a:slub-dresden:slub_events:3.0.1
- cpe:2.3:a:slub-dresden:slub_events:3.0.2