2 matches found
Typo3 v4.5-4.7 - Remote Code Execution (RFI/LFI)
No description provided by source. Exploit Title: Typo3 v4.5-4.7 - Remote Code Execution RFI/LFI Date: 4th January 2012 Author: MaXe Software Link: https://typo3.org/download/ Version: 4.5.0 up to 4.5.8, 4.6.0 and 4.6.1 + development releases of 4.7 branch Typo3 v4.5-4.7 - Remote Code Execution...
TYPO3 'AbstractController.php' 'BACK_PATH' Parameter Remote File Inclusion
The version of TYPO3 installed on the remote host fails to sanitize user-supplied input to the 'BACKPATH' parameter of the 'AbstractController.php' script before using it in a PHP 'requireonce' call to include PHP code for execution. Provided that PHP's 'registerglobals' setting is enabled, a...