According to the TYPO3 developer team, a critical hole has been found in the content management system (CMS) that could allow an attacker to compromise a server.

"Insufficient checking of the AbstractController.php file's BACK_PATH parameter enables attackers to upload and execute arbitrary PHP scripts (Remote File Inclusion)," The H Security reports. "The developers have been informed that attackers are already trying to intrude into users' servers on a large scale."

"The developer team has provided a patch and released the corrected versions 4.5.9 and 4.6.2," the article states.


Go to "TYPO3 developers warn of critical hole" to read the details.

For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.