Description
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
Remediation
References
Related Vulnerabilities
Microsoft SQL Server Other Vulnerability (CVE-2002-1872)
MediaWiki CVE-2023-29141 Vulnerability (CVE-2023-29141)
WordPress Plugin DethemeKit For Elementor Multiple Cross-Site Scripting Vulnerabilities (1.5.5.4)
Apache Tomcat Other Vulnerability (CVE-2006-7197)
Moodle Credentials Management Errors Vulnerability (CVE-2014-0008)