Description
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Google Doc Embedder Cross-Site Scripting (2.5.18)
WordPress Plugin Funky Penguin WP-PHPList 'unsubscribeemail' Parameter Cross-Site Scripting (2.10.2)
Oracle Application Server Credentials Management Errors Vulnerability (CVE-2002-2345)
WordPress Plugin Fast Velocity Minify Information Disclosure (2.7.6)