TYPO3 8.x before 8.7.25 and 9.x before 9.5.6 allows remote code execution because it does not properly configure the applications used for image processing, as demonstrated by ImageMagick or GraphicsMagick.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| typo3/cms-core (Packagist) | 8.0.0 | 8.7.25 | N/A |
| typo3/cms-core (Packagist) | 9.0.0 | 9.5.6 | N/A |
| typo3/cms (Packagist) | 8.0.0 | 8.7.25 | N/A |
| typo3/cms (Packagist) | 9.0.0 | 9.5.6 | N/A |