FreeBSD : typo3 -- Missing access check in Extbase (3caf4e6c-4cef-11e6-a15f-00248c0c745d)
Medium Nessus Plugin ID 92448
SynopsisThe remote FreeBSD host is missing one or more security-related updates.
DescriptionTYPO3 reports :
Extbase request handling fails to implement a proper access check for requested controller/ action combinations, which makes it possible for an attacker to execute arbitrary Extbase actions by crafting a special request. To successfully exploit this vulnerability, an attacker must have access to at least one Extbase plugin or module action in a TYPO3 installation. The missing access check inevitably leads to information disclosure or remote code execution, depending on the action that an attacker is able to execute.
SolutionUpdate the affected packages.