First published: Wed Sep 05 2012(Updated: )
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Typo3 Typo3 | =4.5 | |
Typo3 Typo3 | =4.5.0 | |
Typo3 Typo3 | =4.5.1 | |
Typo3 Typo3 | =4.5.2 | |
Typo3 Typo3 | =4.5.3 | |
Typo3 Typo3 | =4.5.4 | |
Typo3 Typo3 | =4.5.5 | |
Typo3 Typo3 | =4.5.6 | |
Typo3 Typo3 | =4.5.7 | |
Typo3 Typo3 | =4.5.8 | |
Typo3 Typo3 | =4.5.9 | |
Typo3 Typo3 | =4.5.10 | |
Typo3 Typo3 | =4.5.11 | |
Typo3 Typo3 | =4.5.12 | |
Typo3 Typo3 | =4.5.13 | |
Typo3 Typo3 | =4.5.14 | |
Typo3 Typo3 | =4.5.15 | |
Typo3 Typo3 | =4.5.16 | |
Typo3 Typo3 | =4.5.17 | |
Typo3 Typo3 | =4.5.18 | |
Typo3 Typo3 | =4.6 | |
Typo3 Typo3 | =4.6.0 | |
Typo3 Typo3 | =4.6.1 | |
Typo3 Typo3 | =4.6.2 | |
Typo3 Typo3 | =4.6.3 | |
Typo3 Typo3 | =4.6.4 | |
Typo3 Typo3 | =4.6.5 | |
Typo3 Typo3 | =4.6.6 | |
Typo3 Typo3 | =4.6.7 | |
Typo3 Typo3 | =4.6.8 | |
Typo3 Typo3 | =4.6.9 | |
Typo3 Typo3 | =4.6.10 | |
Typo3 Typo3 | =4.6.11 | |
Typo3 Typo3 | =4.7 | |
Typo3 Typo3 | =4.7.0 | |
Typo3 Typo3 | =4.7.1 | |
Typo3 Typo3 | =4.7.2 | |
Typo3 Typo3 | =4.7.3 | |
Typo3 Typo3 | >=4.5.0<4.5.19 | |
Typo3 Typo3 | >=4.6.0<4.6.12 | |
Typo3 Typo3 | >=4.7.0<4.7.4 | |
Debian Debian Linux | =6.0 | |
Debian Debian Linux | =7.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.