CVE-2020-15086 – In TYPO3 installations with the "mediace" extension from version 7.6.2 and befor …

29 July 2020

Vuln ID: CVE-2020-15086

Published: 2020-07-29 17:15:13Z

Description: In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3.

Source: NVD.NIST.GOV

Date:

29 July 2020

Categorie(s):

NVD

Tag(s):

NVD

Trellix Email Security for Microsoft Office 365 improves email defense23 April 2024
Russian APT28 Group in New “GooseEgg” Hacking Campaign23 April 2024
The multitenant dilemma: Gaining more control over user access without compromising data isolation23 April 2024
Hacker Offers Upto $300 To Mobile Networks Staff For Illegal SIM Swaps23 April 2024
Over a million Neighbourhood Watch members exposed through web app bug23 April 2024