Typo3 allows remote command execution via PHPApr 13, 2010, 12:02 (0 Talkback[s])
WEBINAR: On-demand Event
Replace Oracle with the NoSQL Engagement Database: Why and how leading companies are making the switch REGISTER >
[ Thanks to AV for this link. ]
"The developers of the Typo3 CMS framework have raised the alarm in an email to email@example.com, and security firm Secunia rates the problem "highly critical". In versions 4.3.0, 4.3.1 and 4.3.2 of Typo3 (as well as previous versions of the 4.4 development branch), attackers can inject PHP code from an external server and execute it within the Typo3 context.
0 Talkback[s] (click to add your comment)