Описание
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [4.5.32+dfsg1-1]] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | released | 4.5.19+dfsg1-5+wheezy2build0.13.04.1 |
| saucy | ignored | end of life |
| trusty | not-affected | 4.5.32+dfsg1-1 |
| trusty/esm | DNE | trusty was not-affected [4.5.32+dfsg1-1] |
Показывать по
6.5 Medium
CVSS2
Связанные уязвимости
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4 ...
TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component
6.5 Medium
CVSS2