Lucene search

[email protected]CVE-2011-4614

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2011-4614

2022-10-0316:15:14

CWE-94

[email protected]

web.nvd.nist.gov

cve

2011

4614

php

remote file inclusion

typo3

security

vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.134 Low

EPSS

Percentile

95.6%

JSON

PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.

Affected configurations

NVD

Node

typo3typo3Match4.5

typo3typo3Match4.5.1

typo3typo3Match4.5.2

typo3typo3Match4.5.3

typo3typo3Match4.5.4

typo3typo3Match4.5.5

typo3typo3Match4.5.6

typo3typo3Match4.5.7

typo3typo3Match4.5.8

Node

typo3typo3Match4.6

typo3typo3Match4.6.1

CPENameOperatorVersion
typo3:typo3typo3eq4.5
typo3:typo3typo3eq4.5.1
typo3:typo3typo3eq4.5.2
typo3:typo3typo3eq4.5.3
typo3:typo3typo3eq4.5.4
typo3:typo3typo3eq4.5.5
typo3:typo3typo3eq4.5.6
typo3:typo3typo3eq4.5.7
typo3:typo3typo3eq4.5.8

CPE	Name	Operator	Version
typo3:typo3	typo3	eq	4.5
typo3:typo3	typo3	eq	4.5.1
typo3:typo3	typo3	eq	4.5.2
typo3:typo3	typo3	eq	4.5.3
typo3:typo3	typo3	eq	4.5.4
typo3:typo3	typo3	eq	4.5.5
typo3:typo3	typo3	eq	4.5.6
typo3:typo3	typo3	eq	4.5.7
typo3:typo3	typo3	eq	4.5.8