PT-2013-6258 · Typo3 · Typo3
Rupert Germann
·
Publicado
2013-12-23
·
Atualizado
2022-05-17
·
CVE-2013-7075
CVSS v2.0
6.5
Média
| Vetor | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 4.5.0 through 4.5.31
TYPO3 versions 4.7.0 through 4.7.16
TYPO3 versions 6.0.0 through 6.0.11
TYPO3 versions 6.1.0 through 6.1.6
Description
The issue allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
Recommendations
For versions 4.5.0 through 4.5.31, update to a version outside of this range to mitigate the risk.
For versions 4.7.0 through 4.7.16, update to a version outside of this range to mitigate the risk.
For versions 6.0.0 through 6.0.11, update to a version outside of this range to mitigate the risk.
For versions 6.1.0 through 6.1.6, update to a version outside of this range to mitigate the risk.
Correção
Deserialization of Untrusted Data
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Typo3