Description

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

Remediation

References

CVE-2012-3527

Related Vulnerabilities

WordPress Plugin YARPP-Yet Another Related Posts Cross-Site Scripting (5.30.2)

WordPress Plugin Unlimited Pop-Ups Multiple Cross-Site Scripting Vulnerabilities (1.4.3)

WordPress Plugin FAQs Manager Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities (1.0)

Vanilla Forums Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2018-15833)

Joomla! Core Multiple Vulnerabilities (2.5.0 - 3.8.12)

Severity

Medium

Classification

CVE-2012-3527

Tags

Missing Update Known Vulnerabilities