Description
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
Remediation
References
Related Vulnerabilities
Squid Out-of-bounds Write Vulnerability (CVE-2019-12519)
MyBB Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-4629)
WordPress Plugin Social Sharing-Sassy Social Share Cross-Site Scripting (3.3.39)
MySQL CVE-2013-3805 Vulnerability (CVE-2013-3805)
WordPress Plugin Page and Post Clone Information Disclosure (1.1)