view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.02065
Percentile: 0.83153

CVSS Scoring

Mapped CWE(s)

• CWE-502 : Deserialization of Untrusted Data

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

Affected Products

• cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
• cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
• cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
• cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

← Back to Home