Vulnerability Description
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Typo3 | Typo3 | >= 4.5.0, < 4.5.19 |
| Debian | Debian Linux | 6.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/84773Broken Link
- http://secunia.com/advisories/50287Not Applicable
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012Vendor Advisory
- http://www.debian.org/security/2012/dsa-2537Third Party Advisory
- http://www.openwall.com/lists/oss-security/2012/08/22/8Mailing List
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77791Third Party AdvisoryVDB Entry
- http://osvdb.org/84773Broken Link
- http://secunia.com/advisories/50287Not Applicable
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012Vendor Advisory
- http://www.debian.org/security/2012/dsa-2537Third Party Advisory
- http://www.openwall.com/lists/oss-security/2012/08/22/8Mailing List
- https://exchange.xforce.ibmcloud.com/vulnerabilities/77791Third Party AdvisoryVDB Entry
FAQ
What is CVE-2012-3527?
CVE-2012-3527 is a vulnerability with a CVSS score of 4.6 (MEDIUM). view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibl...
How severe is CVE-2012-3527?
CVE-2012-3527 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-3527?
Check the references section above for vendor advisories and patch information. Affected products include: Typo3 Typo3, Debian Debian Linux.