---

Typo3 allows remote command execution via PHP

[ Thanks to AV for this link. ]

“The developers of the Typo3 CMS framework have raised
the alarm in an email to [email protected], and
security firm Secunia rates the problem “highly critical”. In
versions 4.3.0, 4.3.1 and 4.3.2 of Typo3 (as well as previous
versions of the 4.4 development branch), attackers can inject PHP
code from an external server and execute it within the Typo3
context.

“Advisory SA-2010-008 contains details about how to fix the
problem. Upgrading to version 4.3.3 is one way of improving the
situation. The vulnerability is also impossible to exploit if at
least one of three PHP switches is set to “off”:”

