An issue was discovered in the pixxio (aka integration or DAM) extension before 1.0.6 for TYPO3. The extension fails to restrict the image download to the configured DAM URL, resulting in SSRF. As a result, an attacker can download various content from a remote location and save it to a user-controlled filename, which may result in Remote Code Execution. A TYPO3 backend user account is required to exploit this.

Source: CVE-2021-43562

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 항목은 *(으)로 표시합니다

Time limit is exhausted. Please reload the CAPTCHA.