CVE-2012-3527 – typo3/cms
Package
Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5.0 <4.5.19 || >=4.6.0 <4.6.12 || >=4.7.0 <4.7.4
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
EPSS: 0.02065 (percentile 0.83229)
Details
TYPO3 allows remote authenticated backend users to unserialize arbitrary objects.
view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."
Metadata
Created: 2022-05-17T01:43:58Z
Modified: 2025-04-12T03:01:43Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m4hw-r893-xh4g/GHSA-m4hw-r893-xh4g.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-m4hw-r893-xh4g
Finding: F096
Auto approve: 1