Description

PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.

Remediation

References

CVE-2010-1153

Related Vulnerabilities

ClipBucket Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2018-7666)

Apache HTTP Server Other Vulnerability (CVE-2002-1233)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.12)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2008-0618)

Serendipity Other Vulnerability (CVE-2009-4412)

Severity

Medium

Classification

CVE-2010-1153 CWE-94

Tags

Missing Update Known Vulnerabilities