TYPO3 developers warn of critical hole
From http://h-online.com/-1397861
Quote:
The TYPO3 developer team has warned that a critical hole in the TYPO3 Content Management System (CMS) potentially allows attackers to compromise a server. Insufficient checking of the AbstractController.php file's BACK_PATH parameter enables attackers to upload and execute arbitrary PHP scripts (Remote File Inclusion). The developers have been informed that attackers are already trying to intrude into users' servers on a large scale.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|