TYPO3 Autoloader Command Execution Vulnerability Network Vulnerability

Summary

This host is installed with TYPO3 and is prone to command execution vulnerability.

Impact

Successful exploitation will allow attackers to execute arbitrary PHP code. Impact Level: System/Application

Solution

Upgrade to TYPO3 version 4.3.3 or later, For updates refer to, http://typo3.org/ or Apply patch from the below vendor advisory link http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-008/

Insight

An error exist in autoloader, which does not validate passed arguments properly.

Affected

TYPO3 versions 4.3.0 to 4.3.2

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/63602
http://secunia.com/advisories/39287/
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-008/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-1153

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Admidio get_file.php Remote File Disclosure Vulnerability
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014
AN Guestbook Local File Inclusion Vulnerability
Apache Tomcat Cross-Site Scripting and Security Bypass Vulnerabilities
3Com NBX VoIP NetSet Detection

Take action and discover your vulnerabilities