What is CVE-2020-11066?

CVE-2020-11066 is a high-severity vulnerability in Typo3 Cms, classified under Improperly Controlled Modification of Dynamically-Determined Object Attributes. CVSS score: 8.7/10. Published 2020-05-13.

How severe is CVE-2020-11066?

High severity. CVSS v3 base score is 8.7 out of 10.

Is CVE-2020-11066 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Typo3 Cms

CVE-2020-11066

In TYPO3 CMS greater than or equal to 9.0.0 and less than 9.5.17 and greater than or equal to 10.0.0 and less than 10.4.2, calling unserialize() on malicious user-submitted content can lead to modification of dynamically-determined object…

Vulnerability class: Mass Assignment

EPSS: 0.005 (67.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.7 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H.

Affected products

Typo3 Cms — versions >= 9.0.0, < 9.5.17, >= 10.0.0, < 10.4.2

Weakness classification (CWE)

CWE-915 — Improperly Controlled Modification of Dynamically-Determined Object Attributes

Public proof-of-concept exploits

Live-Hack-CVE/CVE-2020-11066

References

github.com/TYPO3/TYPO3.CMS/security/advisories/GHSA-2rxh-h6h9-qrqc (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2020-11066?: CVE-2020-11066 is a high-severity vulnerability in Typo3 Cms, classified under Improperly Controlled Modification of Dynamically-Determined Object Attributes. CVSS score: 8.7/10. Published 2020-05-13.
How severe is CVE-2020-11066?: High severity. CVSS v3 base score is 8.7 out of 10.
Is CVE-2020-11066 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.