CVE-2012-3527

Published: 05 September 2012

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

Priority

Medium

Status

Package Release Status
typo3-src
Launchpad, Ubuntu, Debian
Upstream
Released (4.5.19+dfsg1-1)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected [4.5.19+dfsg1-1])