-
CVSS Score
-Basic Information
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability stems from improper input validation in Extbase action handling. TYPO3 Extbase controllers use Action() methods mapped to user requests. The advisory specifically mentions arbitrary Extbase action execution, which implies the controller's action dispatcher didn't properly validate allowed actions. The FreecapController's processAction would be the primary handler for CAPTCHA validation requests, making it the most likely candidate for improper input sanitization. Attackers could manipulate 'action' parameters to execute unintended methods or pass unsanitized input to dangerous functions. While exact code isn't available, the pattern matches TYPO3's Extbase vulnerability paradigms and the CWE-20 description.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| sjbr/sr-freecap | composer | >= 2.5.0, < 2.5.3 | 2.5.3 |
| sjbr/sr-freecap | composer | < 2.4.6 | 2.4.6 |
Ongoing coverage of React2Shell