
Cloud Vulnerability DB
A community-led vulnerabilities database
A security vulnerability was discovered in TYPO3 CMS affecting versions 8.0.0-8.7.26 and 9.0.0-9.5.7, identified as TYPO3-CORE-SA-2019-019. The vulnerability was related to the Backend API configuration using Page TSconfig, which could be exploited for arbitrary code execution and cross-site scripting. The issue was disclosed on June 25th, 2019, affecting the TYPO3 CMS core component, specifically the Backend API (ext:backend) subcomponent (TYPO3 Advisory).
The vulnerability stemmed from TSconfig fields in page properties within backend forms that could be used to inject malicious sequences. Additionally, the tsconfig_includes field was vulnerable to directory traversal, which could lead to unauthorized access to TSconfig settings. The vulnerability received a CVSS v3.1 base score of 8.8 (High severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (GitHub Advisory).
The vulnerability could allow attackers with valid backend user credentials to execute arbitrary code and perform cross-site scripting attacks through the manipulation of pages.TSconfig and pages.tsconfig_includes fields. This could potentially lead to unauthorized access to sensitive data, system compromise, and website defacement (TYPO3 Advisory).
The vulnerability was patched in TYPO3 versions 8.7.27 and 9.5.8. The fix includes preventing non-admin users from modifying the pages.TSconfig and pages.tsconfig_includes fields. Users are strongly advised to upgrade to these patched versions to protect their systems (TYPO3 Advisory).
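A triage sketch for the two checks this entry implies, added here as an example and not taken from the TYPO3 advisory or the TYPO3 code base: is an installed version inside the affected ranges, and do any exported page rows carry inline TSconfig or include references that need review. The row layout (dicts keyed by `uid`, `TSconfig`, `tsconfig_includes`), the comma-separated `EXT:` include format and the sample rows are assumptions made for the example.

```python
import re

# Affected ranges as stated in the entry above (inclusive bounds).
AFFECTED = [((8, 0, 0), (8, 7, 26)), ((9, 0, 0), (9, 5, 7))]

def parse_version(text):
    """Turn '9.5.7' into (9, 5, 7); reject anything that is not x.y.z."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    return tuple(int(p) for p in m.groups())

def is_affected(version):
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def audit_pages(rows):
    """Return (uid, finding) tuples for page rows that deserve manual review.

    Assumption: rows are an export of the pages table and tsconfig_includes
    is a comma-separated list of 'EXT:extension/path' references.
    """
    findings = []
    for row in rows:
        if (row.get("TSconfig") or "").strip():
            findings.append((row["uid"], "inline TSconfig present"))
        for ref in (row.get("tsconfig_includes") or "").split(","):
            ref = ref.strip()
            if not ref:
                continue
            if ".." in re.split(r"[\\/]", ref):
                findings.append((row["uid"], f"traversal segment in include: {ref}"))
            elif not ref.startswith("EXT:"):
                findings.append((row["uid"], f"include outside EXT: scheme: {ref}"))
    return findings

# Constructed sample rows, not taken from any real installation.
SAMPLE_ROWS = [
    {"uid": 1, "TSconfig": "", "tsconfig_includes": "EXT:site_pkg/Configuration/TSconfig/Page/main.tsconfig"},
    {"uid": 2, "TSconfig": "TCEMAIN.permissions.groupid = 3", "tsconfig_includes": ""},
    {"uid": 3, "TSconfig": None, "tsconfig_includes": "EXT:site_pkg/../other/file.tsconfig"},
]

if __name__ == "__main__":
    for version in ("8.7.26", "8.7.27", "9.5.7", "9.5.8"):
        print(version, "affected" if is_affected(version) else "not affected")
    for uid, finding in audit_pages(SAMPLE_ROWS):
        print(f"page {uid}: {finding}")
```

A finding means only that the row should be reviewed; inline TSconfig set by an administrator is normal.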
Source: This report was generated using AI