In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic message authentication code and can lead to remote code execution. To successfully exploit this vulnerability, an attacker must have access to at least one `Extbase` plugin or module action in a TYPO3 installation. This is fixed in version 7.6.5 of the "mediace" extension for TYPO3.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTypo3 Mediace
APPTypo37.6.2 – 7.6.5 (bez)
Related vulnerabilities
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are...
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authenticati...
The PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x before 3.1.1 for TYPO3 does n...
PharMetaDataInterceptor in the PharStreamWrapper (aka phar-stream-wrapper) package 2.x before 2.1.1 and 3.x be...
Changing backend users' passwords via the user settings module results in storing the cleartext password in th...