CVE-2012-3527

High

Description

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/77791

http://www.openwall.com/lists/oss-security/2012/08/22/8

http://www.debian.org/security/2012/dsa-2537

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/

http://secunia.com/advisories/50287

Details

Source: Mitre, NVD

Published: 2012-09-05

Updated: 2024-01-21

Risk Information

CVSS v2

Base Score: 4.6

Vector: CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High