Critical Security Flaw Patched in TYPO3 CMS
According to the developer team, the vulnerability is already being exploited on a large scale.
According to the TYPO3 developer team, a critical hole has been found in the content management system (CMS) that could allow an attacker to compromise a server.
"Insufficient checking of the AbstractController.php file's BACK_PATH parameter enables attackers to upload and execute arbitrary PHP scripts (Remote File Inclusion)," The H Security reports. "The developers have been informed that attackers are already trying to intrude into users' servers on a large scale."
"The developer team has provided a patch and released the corrected versions 4.5.9 and 4.6.2," the article states.
Go to "TYPO3 developers warn of critical hole" to read the details.