Description
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Kama Click Counter SQL Injection (3.4.9)
phpMyAdmin Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2011-2505)
Joomla CVE-2012-2747 Vulnerability (CVE-2012-2747)
WordPress Plugin Tweet Wheel Spam (0.3)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2022-31779)