CVE-2012-3527 Information

Description

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter related to a \missing signature (HMAC).\

Reference

http://osvdb.org/84773 http://secunia.com/advisories/50287 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/ http://www.debian.org/security/2012/dsa-2537 http://www.openwall.com/lists/oss-security/2012/08/22/8 https://exchange.xforce.ibmcloud.com/vulnerabilities/77791