Description
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin Access Demo Importer Arbitrary File Upload (1.0.6)
WordPress 5.0.x Multiple Vulnerabilities (5.0 - 5.0.4)
Atlassian Jira Missing Authentication for Critical Function Vulnerability (CVE-2019-8449)
PostgreSQL Other Vulnerability (CVE-2005-1409)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2006-0553)