Description
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
Remediation
References
Related Vulnerabilities
Handlebars Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2026-33938)
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-20099)
WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.17)
MyBB CVE-2011-5133 Vulnerability (CVE-2011-5133)
WordPress Plugin Gallery-Flagallery Photo Portfolio Cross-Site Scripting (2.70)