CVE-2012-3527

Sažetak

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

Reference

http://osvdb.org/84773
http://secunia.com/advisories/50287
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/
http://www.debian.org/security/2012/dsa-2537
http://www.openwall.com/lists/oss-security/2012/08/22/8
https://exchange.xforce.ibmcloud.com/vulnerabilities/77791

CVSS

Base:	4.6
Impact:	6.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:H/Au:S/C:P/I:P/A:P

Zadnje važnije ažuriranje

21-01-2024 - 02:47

Objavljeno

05-09-2012 - 23:55