Description

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."

Remediation

References

CVE-2012-1605

Related Vulnerabilities

WordPress Plugin Feed Them Social-for Twitter feed, Youtube and more Multiple Vulnerabilities (2.9.9)

MySQL CVE-2018-3170 Vulnerability (CVE-2018-3170)

Zenphoto Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-0995)

WordPress Plugin Uploader 'uploadify.php' Arbitrary File Upload (1.0.4)

MySQL CVE-2019-2946 Vulnerability (CVE-2019-2946)

Severity

Medium

Classification

CVE-2012-1605

Tags

Missing Update Known Vulnerabilities