FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

typo3 -- Remote Code Execution

Affected packages
4.6 <= typo3 < 4.6.2
typo3 < 4.5.9


VuXML ID: 3c957a3e-2978-11e1-89b4-001ec9578670
Discovery: 2011-12-16
Entry: 2011-12-18

The typo3 security team reports:

A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

This is caused by a PHP file, which is part of the workspaces system extension, that does not validate passed arguments.


CVE Name: CVE-2011-4614