Description

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.

Remediation

References

CVE-2005-4875

Related Vulnerabilities

WordPress Plugin Fast Secure Contact Form 'index.php' Cross-Site Scripting (3.0.3.1)

WordPress Plugin Live Chat-Live support Cross-Site Request Forgery (3.1.0)

Dot CMS Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2016-8902)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-7491)

Moodle Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-21809)

Severity

High

Classification

CVE-2005-4875 CWE-200

Tags

Missing Update Known Vulnerabilities