Description

PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.

Remediation

References

CVE-2010-1153

Related Vulnerabilities

MySQL CVE-2018-3070 Vulnerability (CVE-2018-3070)

WordPress Plugin 1 Flash Gallery Cross-Site Scripting and SQL Injection Vulnerabilities (0.2.5)

WordPress Plugin WP CSV Exporter SQL Injection (1.3.6)

Dot CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-15219)

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-20151)

Severity

Medium

Classification

CVE-2010-1153 CWE-94

Tags

Missing Update Known Vulnerabilities