ASA-2019-00584 – TYPO3 extension freeCap CAPTCHA (sr_freecap): Remote Code Execution


Allele Security Alert

ASA-2019-00584

Identifier(s)

ASA-2019-00584, CVE-2019-16699, EXT-SA-2019-018

Title

Remote Code Execution

Vendor(s)

SJBR

Product(s)

TYPO3 extension freeCap CAPTCHA (sr_freecap)

Affected version(s)

TYPO3 extension freeCap CAPTCHA (sr_freecap) versions before 2.5.3
TYPO3 extension freeCap CAPTCHA (sr_freecap) versions before 2.4.6

Fixed version(s)

TYPO3 extension freeCap CAPTCHA (sr_freecap) version 2.5.3
TYPO3 extension freeCap CAPTCHA (sr_freecap) version 2.4.6
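As a practical check to go with the version ranges above, here is an added example (not code from the sr_freecap extension or from TYPO3) that reads the 'version' entry of an extension's ext_emconf.php manifest and reports whether that release falls inside the affected ranges. It reads the two ranges together with the two fixed releases as: 2.4 branch fixed from 2.4.6, 2.5 branch fixed from 2.5.3, everything older than 2.4 affected, and 2.6 or later outside the advisory's ranges. The sample manifest is constructed, and the install path in the comment is the conventional one for a classic TYPO3 install.

```python
"""Version check for EXT-SA-2019-018 / CVE-2019-16699 (sr_freecap).

Added example for this alert; it is not code from the sr_freecap extension
or from TYPO3. It reads the 'version' entry of a TYPO3 extension manifest
(ext_emconf.php) and reports whether that release falls inside the affected
ranges: the 2.4 branch is fixed from 2.4.6, the 2.5 branch from 2.5.3, and
anything older than 2.4 never received a fix.
"""
import re

# Fixed releases per the advisory, keyed by release branch.
FIXED_RELEASES = {
    (2, 4): (2, 4, 6),
    (2, 5): (2, 5, 3),
}

# Constructed sample manifest (assumption); in a classic TYPO3 install the
# real file lives at typo3conf/ext/sr_freecap/ext_emconf.php.
SAMPLE_EMCONF = """<?php
$EM_CONF[$_EXTKEY] = [
    'title' => 'freeCap CAPTCHA',
    'version' => '2.5.2',
    'state' => 'stable',
];
"""


def parse_version(version: str) -> tuple:
    """Turn '2.5.2' (or '2.5.2-dev') into a comparable tuple (2, 5, 2)."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    if len(parts) < 2:
        raise ValueError(f"unparseable version string: {version!r}")
    return parts


def is_affected(version: str) -> bool:
    """True if this sr_freecap release is vulnerable to CVE-2019-16699."""
    v = parse_version(version)
    branch = v[:2]
    if branch in FIXED_RELEASES:
        # On a branch that received a fix: affected only below that release.
        return v < FIXED_RELEASES[branch]
    # Branches older than 2.4 have no fixed release; 2.6 and later postdate
    # both fixed releases and are outside the advisory's affected ranges.
    return branch < (2, 4)


def version_from_emconf(emconf_source: str) -> str:
    """Extract the 'version' value from ext_emconf.php source text."""
    m = re.search(r"""['"]version['"]\s*=>\s*['"]([^'"]+)['"]""", emconf_source)
    if not m:
        raise ValueError("no 'version' entry found in ext_emconf.php")
    return m.group(1)


def check_emconf(emconf_source: str) -> str:
    """Return a one-line verdict for the given manifest text."""
    version = version_from_emconf(emconf_source)
    verdict = "AFFECTED" if is_affected(version) else "not affected"
    return f"sr_freecap {version}: {verdict} by CVE-2019-16699"


if __name__ == "__main__":
    import sys
    # Pass the path to ext_emconf.php, or run without arguments to use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_EMCONF
    print(check_emconf(text))
```

Run it against the manifest of every TYPO3 instance you operate; the branch-aware comparison matters because a plain "below 2.5.3" test would wrongly flag 2.4.6, which carries the backported fix.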

Proof of concept

Unknown

Description

The extension fails to sanitize user input, which allows an attacker to execute arbitrary Extbase actions, resulting in Remote Code Execution.

Technical details

Unknown

Credits

Kai Ullrich (Code White GmbH)

Reference(s)

Remote Code Execution in extension “freeCap CAPTCHA” (sr_freecap)
https://typo3.org/security/advisory/typo3-ext-sa-2019-018/

freeCap CAPTCHA (sr_freecap)
https://extensions.typo3.org/extension/sr_freecap/

[TYPO3-announce] [Ticket#201910155760000011] Vulnerabilities in multiple third party TYPO3 CMS extensions
http://lists.typo3.org/pipermail/typo3-announce/2019/000452.html

62009:[BUGFIX] Resolves Security Ticket#201907155760000027
https://review.typo3.org/c/TYPO3CMS/Extensions/sr_freecap/+/62009

[BUGFIX] Resolves Security Ticket#201907155760000027
https://github.com/TYPO3-extensions/sr_freecap/commit/21b2da5b363600c8cd2d196c23ea96a3002fddfa

CVE-2019-16699
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16699

CVE-2019-16699
https://nvd.nist.gov/vuln/detail/CVE-2019-16699

If there is any error in this alert or you wish a comprehensive analysis, let us know.

Last modified: October 22, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.