Description

PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.

Remediation

References

CVE-2011-4614

Related Vulnerabilities

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41165)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.9)

TCExam Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-4602)

Grafana Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2022-39328)

Oracle JRE CVE-2022-21277 Vulnerability (CVE-2022-21277)

Severity

Medium

Classification

CVE-2011-4614 CWE-94

Tags

Missing Update Known Vulnerabilities