PT-2013-6258 · Typo3 · Typo3
Rupert Germann
·
Published
2013-12-23
·
Updated
2022-05-17
·
CVE-2013-7075
CVSS v2.0
6.5
Medium
| Vector | AV:N/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
TYPO3 versions 4.5.0 through 4.5.31
TYPO3 versions 4.7.0 through 4.7.16
TYPO3 versions 6.0.0 through 6.0.11
TYPO3 versions 6.1.0 through 6.1.6
Description
The issue allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
Recommendations
For versions 4.5.0 through 4.5.31, update to a version outside of this range to mitigate the risk.
For versions 4.7.0 through 4.7.16, update to a version outside of this range to mitigate the risk.
For versions 6.0.0 through 6.0.11, update to a version outside of this range to mitigate the risk.
For versions 6.1.0 through 6.1.6, update to a version outside of this range to mitigate the risk.
Fix
Deserialization of Untrusted Data
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Typo3