4.6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
7.2 High
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
68.2%
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a “missing signature (HMAC).”
CPE | Name | Operator | Version |
---|---|---|---|
typo3:typo3 | typo3 | lt | 4.5.19 |
typo3:typo3 | typo3 | lt | 4.6.12 |
typo3:typo3 | typo3 | lt | 4.7.4 |