ID CVE-2014-6236
Summary Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links.
References
Vulnerable Configurations
  • cpe:2.3:a:lumonet_php_include_project:lumonet_php_include:1.2.0:*:*:*:*:typo3:*:*
    cpe:2.3:a:lumonet_php_include_project:lumonet_php_include:1.2.0:*:*:*:*:typo3:*:*
CVSS
Base: 7.5 (as of 08-09-2017 - 01:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 69569
confirm http://typo3.org/extensions/repository/view/lumophpinclude
misc http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010
secunia 60873
xf lumophpinclude-unspecified-code-exec(95707)
Last major update 08-09-2017 - 01:29
Published 11-09-2014 - 14:16
Last modified 08-09-2017 - 01:29
Back to Top