Description
PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.
Remediation
References
Related Vulnerabilities
WordPress 4.8.x Denial of Service Vulnerability (4.8 - 4.8.5)
WordPress Plugin PHP Event Calendar for WordPress Arbitrary File Upload (1.6)
Caddy Web Server URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-28923)
SharePoint CVE-2023-36892 Vulnerability (CVE-2023-36892)
IBM WebSEAL Improper Input Validation Vulnerability (CVE-2021-20496)