Moderate severityNVD Advisory· Published Sep 4, 2012· Updated Apr 29, 2026
CVE-2012-1605
CVE-2012-1605
Description
The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 unserializes untrusted data, which allows remote attackers to unserialize arbitrary objects and possibly execute arbitrary code via vectors related to "a missing signature (HMAC) for a request argument."
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cmsPackagist | >= 4.6, < 4.6.7 | 4.6.7 |
typo3/cmsPackagist | >= 4.4.0, < 4.4.14 | 4.4.14 |
typo3/cmsPackagist | >= 4.5.0, < 4.5.14 | 4.5.14 |
Affected products
11cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:typo3:typo3:4.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*
- cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/nvdVendor Advisory
- github.com/advisories/GHSA-7jfm-px59-99w8ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2012-1605ghsaADVISORY
- typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001ghsaWEB
- www.openwall.com/lists/oss-security/2012/03/30/4nvdWEB
- web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771ghsaWEB
- www.osvdb.org/80759nvd
- www.securityfocus.com/bid/52771nvd
News mentions
0No linked articles in our index yet.