FreeBSD : typo3 -- Remote Code Execution (3c957a3e-2978-11e1-89b4-001ec9578670)

Medium Nessus Plugin ID 57329


The remote FreeBSD host is missing one or more security-related updates.


The TYPO3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


Update the affected packages.

Plugin Details

Severity: Medium

ID: 57329

File Name: freebsd_pkg_3c957a3e297811e189b4001ec9578670.nasl

Version: $Revision: 1.5 $

Type: local

Published: 2011/12/19

Modified: 2013/06/21

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:typo3, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/12/18

Vulnerability Publication Date: 2011/12/16

Exploitable With

Elliot (TYPO3 4.5.8/4.6.1 RFI)

Reference Information

CVE: CVE-2011-4614