
Stefan Horlacher

Researcher from Arcus Security GmbH
#22339 of 53,635
10 Total CVSS
Vulnerabilities · 1
PT-2017-3962
10
2017-01-23
Typo3 · Typo3 · CVE-2016-5091
**Name of the Vulnerable Software and Affected Versions**

- TYPO3 versions 4.3.0 through 6.2.24
- TYPO3 versions 7.x through 7.6.8
- TYPO3 version 8.1.1

**Description**

The issue allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action. It is caused by deserialization problems in the Extbase extension of the TYPO3 content management system. Exploitation of the issue may allow a remote attacker to execute arbitrary code.

**Recommendations**

- For TYPO3 versions 4.3.0 through 6.2.24, update to version 6.2.24 or later.
- For TYPO3 versions 7.x through 7.6.8, update to version 7.6.8 or later.
- For TYPO3 version 8.1.1, update to a later version.