Description
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
Remediation
References
Related Vulnerabilities
WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler SQL Injection (5.5.0)
WordPress Plugin IzeeChat-Live Chat Cross-Site Scripting (1.0)
WordPress Plugin St-Daily-Tip Cross-Site Request Forgery (4.7)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.27)
WordPress Plugin Soundy Background Music Cross-Site Scripting (3.1)