4.6

CVE-2012-3527

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Typo3Typo3 Version >= 4.5.0 < 4.5.19
Typo3Typo3 Version >= 4.6.0 < 4.6.12
Typo3Typo3 Version >= 4.7.0 < 4.7.4
DebianDebian Linux Version6.0
DebianDebian Linux Version7.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.12% 0.795
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:N/AC:H/Au:S/C:P/I:P/A:P
CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://osvdb.org/84773
Broken Link
http://secunia.com/advisories/50287
Not Applicable
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/
Vendor Advisory
http://www.debian.org/security/2012/dsa-2537
Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/08/22/8
Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/77791
Third Party Advisory
VDB Entry