Описание
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
Ссылки
- Broken Link
- Not Applicable
- Vendor Advisory
- Third Party Advisory
- Mailing List
- Third Party AdvisoryVDB Entry
- Broken Link
- Not Applicable
- Vendor Advisory
- Third Party Advisory
- Mailing List
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
Одно из
Одно из
EPSS
4.6 Medium
CVSS2
Дефекты
Связанные уязвимости
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, ...
TYPO3 allows remote authenticated backend users to unserialize arbitrary objects
EPSS
4.6 Medium
CVSS2