4.6

CVE-2012-3527

EPSS 2.07%
Published 05.09.2012 23:55:01
Last modified 11.04.2025 00:51:21
Source secalert@redhat.com
Teams watchlist Login
Open Login

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

Affected products Warnungen 0 Metrics 2 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Typo3 ≫ Typo3 Version >= 4.5.0 < 4.5.19

Typo3 ≫ Typo3 Version >= 4.6.0 < 4.6.12

Typo3 ≫ Typo3 Version >= 4.7.0 < 4.7.4

Debian ≫ Debian Linux Version6.0

Debian ≫ Debian Linux Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.07%	0.833

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4.6	3.9	6.4	AV:N/AC:H/Au:S/C:P/I:P/A:P

CWE-502 Deserialization of Untrusted Data

The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.

http://osvdb.org/84773

Broken Link

http://secunia.com/advisories/50287

Not Applicable

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/

Vendor Advisory

http://www.debian.org/security/2012/dsa-2537

Third Party Advisory

http://www.openwall.com/lists/oss-security/2012/08/22/8

Mailing List

https://exchange.xforce.ibmcloud.com/vulnerabilities/77791

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2012-3527

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-3527

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-3527

EUVD