CVE-2011-4614

TYPO3 4.5.x-4.5.9 4.6.x-4.6.2 4.7 - Remote Code Execution via BACK_PATH Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-4614. PoCs published by MaXe.

AI-analyzed exploit summary This is a writeup detailing a remote code execution vulnerability in Typo3 versions 4.5.0 to 4.5.8, 4.6.0, and 4.6.1, as well as development releases of the 4.7 branch. The vulnerability allows for RFI/LFI via the BACK_PATH global variable, requiring register_globals to be enabled and a null-byte termination for successful exploitation.

Description

PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by MaXe · textwebappsphp

https://www.exploit-db.com/exploits/18308

View Code ZIP pw:eip

This is a writeup detailing a remote code execution vulnerability in Typo3 versions 4.5.0 to 4.5.8, 4.6.0, and 4.6.1, as well as development releases of the 4.7 branch. The vulnerability allows for RFI/LFI via the BACK_PATH global variable, requiring register_globals to be enabled and a null-byte termination for successful exploitation.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Typo3 v4.5.0 up to 4.5.8, 4.6.0 and 4.6.1 (+ development releases of 4.7 branch)

No auth needed

Prerequisites: register_globals enabled in php.ini · allow_url_include enabled for RFI

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1210 - Exploitation of Remote Services

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/77776

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/47201

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2011/12/16/1

Patch, Vendor Advisory x_refsource_confirm

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/

Various Sources x_refsource_confirm

http://typo3.org/fileadmin/security-team/bug32571/32571.diff

Scores

EPSS 0.0569

EPSS Percentile 92.0%

Details

CWE

CWE-94

Status published

Products (11)

typo3/typo3 4.5

typo3/typo3 4.5.1

typo3/typo3 4.5.2

typo3/typo3 4.5.3

typo3/typo3 4.5.4

typo3/typo3 4.5.5

typo3/typo3 4.5.6

typo3/typo3 4.5.7

typo3/typo3 4.5.8

typo3/typo3 4.6

... and 1 more

Published Feb 18, 2012

Tracked Since Feb 18, 2026