Unrated severityNVD Advisory· Published Feb 18, 2012· Updated Apr 29, 2026

CVE-2011-4614

Description

PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter.

Affected products

TYPO3/Typo311 versions
cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-004/nvdPatchVendor Advisory
secunia.com/advisories/47201nvdVendor Advisory
typo3.org/fileadmin/security-team/bug32571/32571.diffnvd
www.openwall.com/lists/oss-security/2011/12/16/1nvd
www.osvdb.org/77776nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000