Описание
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.5.10+dfsg1-1 |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
| precise | not-affected | 4.5.10+dfsg1-1 |
| quantal | not-affected | 4.5.10+dfsg1-1 |
| raring | not-affected | 4.5.10+dfsg1-1 |
| saucy | not-affected | 4.5.10+dfsg1-1 |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
PHP remote file inclusion vulnerability in Classes/Controller/Abstract ...
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
EPSS
6.8 Medium
CVSS2