Description
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin IMPress for IDX Broker Multiple Vulnerabilities (2.6.1)
WordPress Plugin Arabic Font Multiple Vulnerabilities (1.2)
MySQL Other Vulnerability (CVE-2010-3681)
Internet Information Services Other Vulnerability (CVE-2001-0544)
Oracle Database Server CVE-2019-2776 Vulnerability (CVE-2019-2776)