ID:4278 - Exploit for Code Injection in TYPO3 - CVE-2011-4614
Published: August 11, 2020
Vulnerability identifier: #VU44259
Vulnerability risk: Medium
CVE-ID: CVE-2011-4614
CWE-ID: CWE-94
Exploitation vector: Remote access
Vulnerable software:
TYPO3
TYPO3
Link to public exploit:
Vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
Remediation
Install update from vendor's website.