The Extbase Framework in TYPO3 4.6.x up to and including 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote malicious users to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
typo3 typo3 4.6.2 |
||
typo3 typo3 4.6.4 |
||
typo3 typo3 4.6.6 |
||
typo3 typo3 4.7 |
||
typo3 typo3 6.0 |
||
typo3 typo3 4.6 |
||
typo3 typo3 4.6.0 |
||
typo3 typo3 4.6.1 |
||
typo3 typo3 4.6.3 |
||
typo3 typo3 4.6.5 |