Search for vulnerabilities
Vulnerability details: VCID-rk6h-431z-ubbk
Vulnerability ID VCID-rk6h-431z-ubbk
Aliases CVE-2019-19850
GHSA-59pj-7mjh-4465
Summary TYPO3 SQL Injection in low-level Query Generator An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
System Score Found at
epss 0.00357 https://api.first.org/data/v1/epss?cve=CVE-2019-19850
cvssv3.1 5.5 https://github.com/TYPO3/typo3
generic_textual MODERATE https://github.com/TYPO3/typo3
cvssv2 6.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19850
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19850
cvssv3.1 7.2 https://nvd.nist.gov/vuln/detail/CVE-2019-19850
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2019-19850
cvssv3.1 5.5 https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security
generic_textual MODERATE https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security
cvssv3.1 5.5 https://typo3.org/security/advisory/typo3-core-sa-2019-025
generic_textual MODERATE https://typo3.org/security/advisory/typo3-core-sa-2019-025
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2019-19850
https://github.com/TYPO3/typo3
https://nvd.nist.gov/vuln/detail/CVE-2019-19850
https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security
https://typo3.org/security/advisory/typo3-core-sa-2019-025
https://typo3.org/security/advisory/typo3-core-sa-2019-025/
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N Found at https://github.com/TYPO3/typo3
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19850
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19850
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19850
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N Found at https://review.typo3.org/q/%2522Resolves:+%252389452%2522+topic:security
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N Found at https://typo3.org/security/advisory/typo3-core-sa-2019-025
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.57219
EPSS Score 0.00357
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:29:23.791221+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-59pj-7mjh-4465/GHSA-59pj-7mjh-4465.json 36.1.3