GHSA-M4HW-R893-XH4G TYPO3 allows remote authenticated backend users to unserialize arbitrary objects

viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...

TYPO3 allows remote authenticated backend users to unserialize arbitrary objects

viewhelp.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature HMAC."...

USN-2391-1 php5 vulnerabilities

Symeon Paraschoudis discovered that PHP incorrectly handled the mkgmtime function. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. CVE-2014-3668 Symeon Paraschoudis discovered that PHP incorrectly handled unserializing objects. A remote...

UBUNTU-CVE-2013-7075

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an...

PT-2012-4786 · Typo3 · Typo3

Name of the Vulnerable Software and Affected Versions: TYPO3 versions 4.5.x through 4.5.18 TYPO3 versions 4.6.x through 4.6.11 TYPO3 versions 4.7.x through 4.7.3 Description: The issue allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP co...