Moderate severityNVD Advisory· Published Sep 5, 2012· Updated Apr 29, 2026

CVE-2012-3527

Description

view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to unserialize arbitrary objects and possibly execute arbitrary PHP code via an unspecified parameter, related to a "missing signature (HMAC)."

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
typo3/cmsPackagist	>= 4.5.0, < 4.5.19	4.5.19
typo3/cmsPackagist	>= 4.6.0, < 4.6.12	4.6.12
typo3/cmsPackagist	>= 4.7.0, < 4.7.4	4.7.4

Affected products

TYPO3/Typo3
cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*
Range: >=4.5.0,<4.5.19
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004/nvdVendor Advisory
www.debian.org/security/2012/dsa-2537nvdThird Party AdvisoryWEB
exchange.xforce.ibmcloud.com/vulnerabilities/77791nvdThird Party AdvisoryVDB EntryWEB
github.com/advisories/GHSA-m4hw-r893-xh4gghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2012-3527ghsaADVISORY
osvdb.org/84773nvdBroken Link
secunia.com/advisories/50287nvdNot Applicable
www.openwall.com/lists/oss-security/2012/08/22/8nvdMailing ListWEB
web.archive.org/web/20120817233148/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-004ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.260
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000