Lucene search

[email protected]CVE-2012-3527

HistorySep 05, 2012 - 11:55 p.m.

CVE-2012-3527

2012-09-0523:55:01

CWE-502

[email protected]

web.nvd.nist.gov

cve-2012-3527

typo3

php code execution

unserialize vulnerability

information security

nvd

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a “missing signature (HMAC).”

Affected configurations

NVD

Node

typo3typo3Range4.5.0–4.5.19

typo3typo3Range4.6.0–4.6.12

typo3typo3Range4.7.0–4.7.4

Node

debiandebian_linuxMatch6.0

debiandebian_linuxMatch7.0

CPENameOperatorVersion
typo3:typo3typo3lt4.5.19
typo3:typo3typo3lt4.6.12
typo3:typo3typo3lt4.7.4

CPE	Name	Operator	Version
typo3:typo3	typo3	lt	4.5.19
typo3:typo3	typo3	lt	4.6.12
typo3:typo3	typo3	lt	4.7.4

References

osvdb.org/84773

secunia.com/advisories/50287

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/

www.debian.org/security/2012/dsa-2537

www.openwall.com/lists/oss-security/2012/08/22/8

exchange.xforce.ibmcloud.com/vulnerabilities/77791

4.6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:S/C:P/I:P/A:P

7.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVE-2012-3527

nvd1 ubuntucve1 prion1 cvelist1 osv1 nessus1 openvas3 debian1 securityvulns2