June 14, 2021

Critical Vulnerability is TYPO3-Core; Remote Code Execution

(LiveHacking.Com) – The TYPO3 development team has issued a warning about a critical vulnerability in the TYPO3 content management system.

According to TYPO3 security bulletins, a crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation. The security issue is due to insufficient validation of the AbstractController.php file’s BACK_PATH parameter that leads to remote code execution.

With reference to the TYPO3 security advisory, a vulnerable system will meet all the the following conditions:

  1. TYPO3 version 4.5.0 up to 4.5.8, 4.6.0 or 4.6.1 (+ development releases of 4.7 branch).
  2. The following PHP configuration variables set to “on”: register_globals (“off” by default, advised to be “off” in TYPO3SecurityGuide), allow_url_include (“off” by default) and allow_url_fopen (“on” by default)

The following solutions have been advised by the TYPO3 security advisory:

  1. Update to the TYPO3 version 4.5.9 or 4.6.2 that fixes the problem described.
  2. Set at least one of following PHP configuration variables to “off”: register_globals, allow_url_include and allow_url_fopen.
  3. Apply the securitypatch.
  4. Set up a mod_security rule: SecRule ARGS:BACK_PATH “^(https?|ftp)” “deny”.

Please view the TYPO3 security advisory for more information.

Awstats Apache Tomcat Configuration File Remote Arbitrary Command Execution Vulnerability

AWStats 6.95 and its prior versions are prone to an arbitrary command-execution vulnerability. This issue occurs when Awstats is used along with Apache Tomcat in Microsoft Windows.

According to securityfocus.com, an attacker can exploit this vulnerability to execute arbitrary shell commands in the context of the webserver process. This may help attackers compromise the underlying system; other attacks are also possible. [Read more…]