Main Vulnerability Database Vulnerabilities #VU43634

Input validation error in TYPO3 - CVE-2012-1605

Published: September 4, 2012 / Updated: August 11, 2020

Vulnerability identifier: #VU43634

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2012-1605

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TYPO3

Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."

How to mitigate CVE-2012-1605

Install update from vendor's website.

Sources

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/
http://www.openwall.com/lists/oss-security/2012/03/30/4
http://www.osvdb.org/80759
http://www.securityfocus.com/bid/52771

Input validation error in TYPO3 - CVE-2012-1605

Detailed vulnerability description

How to mitigate CVE-2012-1605

Sources

Please verify you're human