Executive Summary

Informations
NameCVE-2011-4614First vendor Publication2012-02-17
VendorCveLast vendor Modification2012-02-29

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Cvss Base Score6.8Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4614

CWE : Common Weakness Enumeration

idName
CWE-94Failure to Control Generation of Code ('Code Injection')

CPE : Common Platform Enumeration

TypeDescriptionCount
Application11

OpenVAS Exploits

DateDescription
2012-02-22Name : TYPO3 'BACK_PATH' Parameter Local File Include Vulnerability
File : nvt/secpod_typo3_back_path_lfi_vuln.nasl
0000-00-00Name : FreeBSD Ports: typo3
File : nvt/freebsd_typo33.nasl

Nessus® Vulnerability Scanner

DateDescription
2011-12-23Name : The remote web server contains a PHP script that is affected by a remote file...
File : typo3_462_rfi.nasl - Type : ACT_ATTACK
2011-12-19Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_3c957a3e297811e189b4001ec9578670.nasl - Type : ACT_GATHER_INFO

Internal Sources (Detail)

SourceUrl
CONFIRMhttp://typo3.org/fileadmin/security-team/bug32571/32571.diff
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2...
MLISThttp://www.openwall.com/lists/oss-security/2011/12/16/1
OSVDBhttp://www.osvdb.org/77776
SECUNIAhttp://secunia.com/advisories/47201

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2014-02-17 11:06:27
  • Multiple Updates
2013-05-10 23:11:04
  • Multiple Updates