CVE-2019-16699

{"id": "CVE-2019-16699", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-10-16T19:15:15.880", "references": [{"url": "https://extensions.typo3.org/extension/sr_freecap", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://typo3.org/security/advisory/typo3-ext-sa-2019-018/", "tags": ["Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution."}, {"lang": "es", "value": "La extensi\u00f3n sr_freecap (tambi\u00e9n se conoce como freeCap CAPTCHA) versi\u00f3n 2.4.5 y posteriores y versi\u00f3n 2.5.2 y posteriores para TYPO3 no sanea la entrada del usuario, lo que permite la ejecuci\u00f3n de acciones Extbase arbitrarias, resultando en la ejecuci\u00f3n de c\u00f3digo remota."}], "lastModified": "2019-10-21T13:43:16.810", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sr_freecap_project:sr_freecap:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC701020-3EFE-40E4-896E-FC659D18925E", "versionEndIncluding": "2.4.5", "versionStartIncluding": "2.4.0"}, {"criteria": "cpe:2.3:a:sr_freecap_project:sr_freecap:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EAE61BCD-5990-485A-988B-7BC6E6DBDA29", "versionEndIncluding": "2.5.2", "versionStartIncluding": "2.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}