Description
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Header Footer Code Manager Cross-Site Scripting (1.1.16)
WordPress Plugin WP Symposium Arbitrary File Upload (14.11)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1000410)
WordPress Plugin Yasr-Yet Another Stars Rating SQL Injection (0.9.0)