CVE-2012-1605

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.6.x through 4.6.6 TYPO3 version 4.7 TYPO3 version 6.0

Description The Extbase Framework in TYPO3 unserializes untrusted data, allowing remote attackers to possibly execute arbitrary code via vectors related to a missing signature for a request argument.

Recommendations For TYPO3 versions 4.6.x through 4.6.6, consider disabling the Extbase Framework until a patch is available. For TYPO3 version 4.7, restrict access to the Extbase Framework to minimize the risk of exploitation. For TYPO3 version 6.0, avoid using the Extbase Framework in untrusted environments until the issue is resolved.