Arbitrary File Upload and Potential Remote Code Execution in TYPO3 slub_events Extension

Arbitrary File Upload and Potential Remote Code Execution in TYPO3 slub_events Extension

CVE-2019-16700 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.

Learn more about our Web App Pen Testing.