Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.6
CVE Id: CVE-2012-3527
Last Modified: 06 Nov 2012 12:14:03
Published: 05 Sep 2012 07:55:01
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: SINGLE_INSTANCE

CVE-2012-3527

Summary

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

Vulnerable Systems

Application

  • Typo3 4.5

  • Typo3 4.5.0

  • Typo3 4.5.1

  • Typo3 4.5.10

  • Typo3 4.5.11

  • Typo3 4.5.12

  • Typo3 4.5.13

  • Typo3 4.5.14

  • Typo3 4.5.15

  • Typo3 4.5.16

  • Typo3 4.5.17

  • Typo3 4.5.18

  • Typo3 4.5.2

  • Typo3 4.5.3

  • Typo3 4.5.4

  • Typo3 4.5.5

  • Typo3 4.5.6

  • Typo3 4.5.7

  • Typo3 4.5.8

  • Typo3 4.5.9

  • Typo3 4.6

  • Typo3 4.6.0

  • Typo3 4.6.1

  • Typo3 4.6.10

  • Typo3 4.6.11

  • Typo3 4.6.2

  • Typo3 4.6.3

  • Typo3 4.6.4

  • Typo3 4.6.5

  • Typo3 4.6.6

  • Typo3 4.6.7

  • Typo3 4.6.8

  • Typo3 4.6.9

  • Typo3 4.7

  • Typo3 4.7.0

  • Typo3 4.7.1

  • Typo3 4.7.2

  • Typo3 4.7.3


References

XF - typo3-viewhelp-code-exec(77791)

MLIST - [oss-security] 20120822 Re: CVE request: Typo3

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/

SECUNIA - 50287

OSVDB - 84773

DEBIAN - DSA-2537


Last Updated: 27 May 2016 11:00:28