CVE-2012-1605

critical

Description

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."

References

http://www.securityfocus.com/bid/52771

http://www.osvdb.org/80759

http://www.openwall.com/lists/oss-security/2012/03/30/4

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/

Details

Source: Mitre, NVD

Published: 2012-09-04

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.0094