CVE-2010-1153
TYPO3 4.3.0-4.3.2 - Remote Code Execution via Autoloader ClassName Variable
Title source: llmDescription
PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/
Mailing List mailing-list
x_refsource_mlist
http://marc.info/?l=oss-security&m=127092306209177&w=2
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2010/04/12/1
Scores
EPSS
0.0060
EPSS Percentile
69.8%
Details
CWE
CWE-94
Status
published
Products (4)
typo3/cms
4.3.0 - 4.3.3Packagist
typo3/typo3
4.3.0
typo3/typo3
4.3.1
typo3/typo3
4.3.2
Published
Apr 20, 2010
Tracked Since
Feb 18, 2026