BID:52150

TYPO3 PDF Controller Unspecified Remote Code Execution and Information Disclosure Vulnerabilities

Info

TYPO3 PDF Controller Unspecified Remote Code Execution and Information Disclosure Vulnerabilities

Bugtraq ID:	52150
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 23 2012 12:00AM
Updated:	Feb 23 2012 12:00AM
Credit:	Georg Ringer
Vulnerable:	Typo3 PDF Controller 1.0.1

Not Vulnerable:	Typo3 PDF Controller 1.1.1

Discussion

TYPO3 PDF Controller Unspecified Remote Code Execution and Information Disclosure Vulnerabilities

The TYPO3 PDF Controller extension is prone to unspecified remote code-execution and information-disclosure vulnerabilities.

Successful exploits of these issues may allow an attacker to execute arbitrary code or obtain potentially sensitive information.

PDF Controller 1.0.1 and prior versions are vulnerable.

Exploit / POC

TYPO3 PDF Controller Unspecified Remote Code Execution and Information Disclosure Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

TYPO3 PDF Controller Unspecified Remote Code Execution and Information Disclosure Vulnerabilities

Solution:
Vendor updates are available. Please see the references for more information.

References

TYPO3 PDF Controller Unspecified Remote Code Execution and Information Disclosure Vulnerabilities

References:

TYPO3 Homepage (TYPO3)
TYPO3 Security Bulletin TYPO3-EXT-SA-2012-003: Several vulnerabilities in third (TYPO3)