Vulnerabilities > CVE-2014-6236 - Arbitrary Code Execution vulnerability in Lumonet PHP Include Project Lumonet PHP Include 1.2.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

lumonet-php-include-project

NVD

Published: 2014-09-11

Updated: 2017-09-08

Summary

Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links.

Vulnerable Configurations

Part	Description	Count
Application	Lumonet_Php_Include_Project Lumonet PHP Include Project Lumonet PHP Include 1.2.0	1

References

http://secunia.com/advisories/60873
http://typo3.org/extensions/repository/view/lumophpinclude
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010
http://www.securityfocus.com/bid/69569
https://exchange.xforce.ibmcloud.com/vulnerabilities/95707