Critical severityNVD Advisory· Published Oct 16, 2019· Updated Aug 5, 2024

CVE-2019-16699

Description

The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
sjbr/sr-freecapPackagist	>= 2.5.0, < 2.5.3	2.5.3
sjbr/sr-freecapPackagist	< 2.4.6	2.4.6

Affected products

TYPO3/freeCap CAPTCHAdescription
ghsa-coords
pkg:composer/sjbr/sr-freecap
Range: >= 2.5.0, < 2.5.3

Patches

Vulnerability mechanics

No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References

github.com/advisories/GHSA-598p-rv6p-g7qcghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2019-16699ghsaADVISORY
extensions.typo3.org/extension/sr_freecapghsax_refsource_MISCWEB
typo3.org/security/advisory/typo3-ext-sa-2019-018ghsaWEB
typo3.org/security/advisory/typo3-ext-sa-2019-018/mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000