ASA-2019-00586 – TYPO3 extension URL redirect (url_redirect): SQL Injection


Allele Security Alert

ASA-2019-00586

Identifier(s)

ASA-2019-00586, CVE-2019-16682, EXT-SA-2019-015

Title

SQL Injection

Vendor(s)

Stefan Froemken

Product(s)

TYPO3 extension URL redirect (url_redirect)

Affected version(s)

TYPO3 extension URL redirect (url_redirect) versions before 1.2.2

Fixed version(s)

TYPO3 extension URL redirect (url_redirect) version 1.2.2

Proof of concept

Unknown

Description

The extension fails to properly sanitize user input and is susceptible to SQL Injection.

Technical details

Unknown

Credits

Daniel Goerz

Reference(s)

SQL Injection in extension “URL redirect” (url_redirect)
https://typo3.org/security/advisory/typo3-ext-sa-2019-015/

URL redirect (url_redirect)
https://extensions.typo3.org/extension/url_redirect/

[TYPO3-announce] [Ticket#201910155760000011] Vulnerabilities in multiple third party TYPO3 CMS extensions
http://lists.typo3.org/pipermail/typo3-announce/2019/000452.html

CVE-2019-16682
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16682

CVE-2019-16682
https://nvd.nist.gov/vuln/detail/CVE-2019-16682

If there is any error in this alert, or if you would like a comprehensive analysis, let us know.

Last modified: October 22, 2019

We are not responsible for any data loss, device corruption or any other type of issue due to the use of any information mentioned in our security alerts.