Description

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

Remediation

References

CVE-2012-3527

Related Vulnerabilities

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2020-14384)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2018-15901)

Oracle Database Server Deserialization of Untrusted Data Vulnerability (CVE-2018-14719)

Craft CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-33194)

Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2010-4729)

Severity

Medium

Classification

CVE-2012-3527

Tags

Missing Update Known Vulnerabilities