CVE-2010-1153

Description

PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.

Affected Software
References

Software	From	Fixed in
typo3 / typo3	4.3.0	4.3.0.x
typo3 / typo3	4.3.1	4.3.1.x
typo3 / typo3	4.3.2	4.3.2.x

http://marc.info/?l=oss-security&m=127092306209177&w=2
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/
http://www.openwall.com/lists/oss-security/2010/04/12/1

Severity: Medium

CVE: CVE-2010-1153
Published: Apr 20, 2010
Updated: Apr 13, 2023
Exploit:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-94

CVE-2010-1153

Description

Details

CVSS v2

CWEs