CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:N/I:P/A:N

EPSS

Metric | Value |
---|---|
Percentile | 86.7% |

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0
unserializes untrusted data, which allows remote attackers to unserialize
arbitrary objects and possibly execute arbitrary code via vectors related
to “a missing signature (HMAC) for a request argument.”

To our knowledge it is neither possible to inject code through this
vulnerability, nor are there exploitable objects within the TYPO3 Core.
However, there might be exploitable objects within third party extensions.
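
The class of fix the description points at, signing a serialized request argument and checking the HMAC before unserializing it, shown as an added PHP example. This is not TYPO3 or Extbase code; the function names, key handling and sample values are assumptions made for illustration.

```php
<?php
// Added illustration; not TYPO3/Extbase code. All names and values are hypothetical.
declare(strict_types=1);

const HMAC_ALGO = 'sha256';
const HMAC_HEX_LEN = 64; // length of a hex-encoded SHA-256 digest

/** Serialize $value and append an HMAC so the server can later prove it issued it. */
function signArgument(array $value, string $key): string
{
    $payload = serialize($value);
    return $payload . hash_hmac(HMAC_ALGO, $payload, $key);
}

/** Return the decoded array, or null if the argument does not carry a valid HMAC. */
function verifyAndDecode(string $argument, string $key): ?array
{
    if (strlen($argument) <= HMAC_HEX_LEN) {
        return null;
    }
    $payload = substr($argument, 0, -HMAC_HEX_LEN);
    $mac     = substr($argument, -HMAC_HEX_LEN);

    // Constant-time comparison, done before any call to unserialize().
    if (!hash_equals(hash_hmac(HMAC_ALGO, $payload, $key), $mac)) {
        return null;
    }

    // Defence in depth: never instantiate objects from request data.
    $decoded = unserialize($payload, ['allowed_classes' => false]);
    return is_array($decoded) ? $decoded : null;
}

// Constructed sample data. A real deployment uses a persistent server-side secret.
$key    = random_bytes(32);
$signed = signArgument(['page' => 3, 'sort' => 'title'], $key);

// Round trip of a value the server issued itself.
var_dump(verifyAndDecode($signed, $key));

// A substituted payload that reuses the old MAC fails the HMAC check,
// so unserialize() is never reached for it.
$substituted = 'O:8:"stdClass":0:{}' . substr($signed, -HMAC_HEX_LEN);
var_dump(verifyAndDecode($substituted, $key));
```
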
Author | Note |
---|---|
tyhicks | Versions 4.4.x and 4.5.x are not affected by this vulnerability. |