The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension prior to 3.0.1 and Tools for Extbase development (pt_extbase) extension prior to 1.5.1 allows remote malicious users to bypass access restrictions and execute arbitrary controller actions via unspecified vectors.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
daniel lienert yet another gallery |
||
michael knoll tools for extbase developmen |