Candidate: CVE-2011-4614
PublicDate: 2012-02-18 00:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4614
 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/
Description:
 PHP remote file inclusion vulnerability in
 Classes/Controller/AbstractController.php in the workspaces system
 extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development
 versions of 4.7 allows remote attackers to execute arbitrary PHP code via a
 URL in the BACK_PATH parameter.
Ubuntu-Description: 
Notes: 
Bugs: 
Priority: medium
Discovered-by: Björn Pedersen and Christian Toffolo
Assigned-to: 
CVSS: 

Patches_typo3-src:
 upstream: http://typo3.org/fileadmin/security-team/bug32571/32571.diff
upstream_typo3-src: released (4.5.9,4.6.2)
hardy_typo3-src: ignored (reached end-of-life)
lucid_typo3-src: ignored (reached end-of-life)
maverick_typo3-src: ignored (reached end-of-life)
natty_typo3-src: ignored (reached end-of-life)
oneiric_typo3-src: ignored (reached end-of-life)
precise_typo3-src: not-affected (4.5.10+dfsg1-1)
quantal_typo3-src: not-affected (4.5.10+dfsg1-1)
raring_typo3-src: not-affected (4.5.10+dfsg1-1)
saucy_typo3-src: not-affected (4.5.10+dfsg1-1)
devel_typo3-src: not-affected (4.5.10+dfsg1-1)