CVE-2005-4875
EPSS 0.16%TYPO3 Reveals Sensitive Information via Direct Request to `misc/phpcheck/`
發布日:2022/5/1修改日:2025/4/4
描述
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.
受影響套件(1)
- Packagist/typo3/cmsfrom 0, < 3.8.1
參考連結(6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2005-4875
- PATCHhttps://github.com/TYPO3/typo3
- WEBhttp://bugs.typo3.org/view.php?id=1250
- WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/42457
- WEBhttps://web.archive.org/web/20080228231555/http://typo3.org/teams/security/security-bulletins/typo3-20050725-1
- WEBhttp://typo3.org/teams/security/security-bulletins/typo3-20050725-1