According to the TYPO3 developer team, a critical hole has been found in the content management system (CMS) that could allow an attacker to compromise a server.
"Insufficient checking of the AbstractController.php file's BACK_PATH parameter enables attackers to upload and execute arbitrary PHP scripts (Remote File Inclusion)," The H Security reports. "The developers have been informed that attackers are already trying to intrude into users' servers on a large scale."
"The developer team has provided a patch and released the corrected versions 4.5.9 and 4.6.2," the article states.
Go to "TYPO3 developers warn of critical hole" to read the details.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i
For regular security news updates, follow eSecurityPlanet on Twitter: @eSecurityP.