2 matches found
TYPO3 Arbitrary Code Execution Vulnerability (CNVD-2017-01648)
TYPO3 is a free and open source content management system and framework (CMS/CMF) maintained by the TYPO3 Association in Switzerland. contextswurfl is one of its extensions, used for detecting mobile devices and adjusting TYPO3 output. A security vulnerability exists in versions of the TYPO3 contextswurfl...
CVE-2017-5962
An issue was discovered in contextswurfl for TYPO3 before 0.4.2. The vulnerability exists due to insufficient filtration of user-supplied data in the "forceua" HTTP GET parameter passed to the "/contextswurfl/Library/wurfl-dbapi-1.4.4.0/checkwurfl.php" URL. An attacker could execute arbitrary HTM...