Summary
This host is running TYPO3 and is prone to local file inclusion vulnerability.
Impact
Successful exploitation could allow an attacker to obtain arbitrary local files in the context of an affected site.
Impact Level: Application
Solution
Upgrade to TYPO3 version 4.5.9 or 4.6.2 or later,
For updates refer to http://typo3.org/download/packages/
Insight
The flaw is due to an input passed to the 'BACK_PATH' parameter in 'typo3/sysext/workspaces/Classes/Controller/AbstractController.php' is not properly verified before being used to include files.
Affected
TYPO3 version 4.5.x before 4.5.9, 4.6.x before 4.6.2 and development versions of 4.7
Detection
Send a Crafted HTTP GET request and check whether it is able to get sensitive information.
References
Severity
Classification
-
CVE CVE-2011-4614 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities