CVE-2011-4614

Published Feb 18, 2012

Last updated 13 years ago

Overview

Description: PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
Source: secalert@redhat.com
NVD status: Analyzed

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-94

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9788D5CD-FEAA-4D07-8252-4176AD0BC0C3"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "868534F5-9CEE-48F8-BD2F-EDD8F9F5D302"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3AD9A9F1-28EA-4B39-9D2D-74E7F86B1355"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D2B855F-5281-4DE6-A3C2-F579FDE5FD60"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F773E8B-F81C-4A04-8A78-0576CB899A43"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2B48937-411B-468D-B35C-73BA0DCE7A03"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "867200CE-C689-4E6F-9D56-565B6D841494"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E3EDD9F0-BBE2-4A79-B1A1-6CD31939A5EE"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1AAEAFB6-4FA3-4586-A7D6-ED269433220A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D42D56A-2A1D-4FAA-961D-304E916BEF80"
          },
          {
            "criteria": "cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5FAAF258-882A-46AE-B32C-7569A79C1DAC"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References