7 matches found
Deserialization of Untrusted Data
Overview typo3/cms-extbase is a TYPO3 CMS Extbase - Extension framework to create TYPO3 frontend plugins and TYPO3 backend modules. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP cod...
EUVD-2022-4501
Malicious code in bioql PyPI...
EUVD-2022-3022
Malicious code in bioql PyPI...
CVE-2012-1605
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature HMAC for a request argument."...
SUSE CVE-2013-1842
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."...
The vulnerability of the extbase extension of the TYPO3 content management system allows a hacker to execute arbitrary code.
The vulnerability of the extbase extension of the TYPO3 content management system arises from deserialization issues. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2016-5091
Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action...