CVE-2012-1605
TYPO3 4.6.0-4.6.6, 4.7, 6.0 - Remote Code Execution via Extbase Framework Unserialization
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
References (4)
Core References (4)
- Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2012/03/30/4
- Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://www.osvdb.org/80759
- Vendor Advisory (x_refsource_confirm): http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
- Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/52771
Scores
EPSS: 0.0094
EPSS Percentile: 76.5%
Details
Status: published
Products (11)
- typo3/cms: 4.6 - 4.6.7 (Packagist)
- typo3/typo3: 4.6
- typo3/typo3: 4.6.0
- typo3/typo3: 4.6.1
- typo3/typo3: 4.6.2
- typo3/typo3: 4.6.3
- typo3/typo3: 4.6.4
- typo3/typo3: 4.6.5
- typo3/typo3: 4.6.6
- typo3/typo3: 4.7
... and 1 more
Published: Sep 04, 2012
Tracked Since: Feb 18, 2026