CVE-2011-4614

EPSS 5.6%

PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/18308unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/47201 http://typo3.org/fileadmin/security-team/bug32571/32571.diff http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/http://www.openwall.com/lists/oss-security/2011/12/16/1 http://www.osvdb.org/77776