FreeBSD : typo3 -- Remote Code Execution (3c957a3e-2978-11e1-89b4-001ec9578670)

Nessus Plugin ID 57329 (severity: medium)

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The TYPO3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?f60d22ba

http://www.nessus.org/u?96233330

Plugin Details

Severity: Medium

ID: 57329

File Name: freebsd_pkg_3c957a3e297811e189b4001ec9578670.nasl

Version: 1.10

Type: local

Published: 12/19/2011

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:typo3, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/18/2011

Vulnerability Publication Date: 12/16/2011

Exploitable With

Elliot (TYPO3 4.5.8/4.6.1 RFI)

Reference Information

CVE: CVE-2011-4614