CVE-2010-1153 — Code Injection in CMS

CWE-94 — Code Injection4 documents4 sources

Severity

6.8MEDIUMNVD

EPSS

0.6%

top 30.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 CMS Typo3

Timeline

PublishedApr 20

Latest updateMay 2

Description

PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

▶Packagisttypo3/cms4.3.0 — 4.3.3

▶NVDtypo3/typo34.3.0, 4.3.1, 4.3.2+2

🔴Vulnerability Details

GHSA

TYPO3 PHP remote file inclusion vulnerability↗2022-05-02

▶

OSV

TYPO3 PHP remote file inclusion vulnerability↗2022-05-02

▶

CVEList

CVE-2010-1153: PHP remote file inclusion vulnerability in the autoloader in TYPO3 4↗2010-04-20

▶