Description
The slub_events (aka SLUB: Event Registration) extension through 3.0.2 for TYPO3 allows uploading of arbitrary files to the webserver. For versions 1.2.2 and below, this results in Remote Code Execution. In versions later than 1.2.2, this can result in Denial of Service, since the web space can be filled up with arbitrary files.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_misc
https://extensions.typo3.org/extension/slub_events
Third Party Advisory x_refsource_confirm
https://typo3.org/security/advisory/typo3-ext-sa-2019-017/
Scores
CVSS v3
9.8
EPSS
0.0215
EPSS Percentile
84.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-434
Status
published
Products (2)
slub/slub-events
0 - 3.0.3Packagist
slub-dresden/slub_events
< 3.0.2
Published
Oct 16, 2019
Tracked Since
Feb 18, 2026