Vulnerability Details : CVE-2014-6236
Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) extension before 1.2.1 for TYPO3 allows remote attackers to execute arbitrary scripts via vectors related to extension links.
Exploit prediction scoring system (EPSS) score for CVE-2014-6236
Probability of exploitation activity in the next 30 days: 9.15%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-6236
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2014-6236
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/95707
LumoNet PHP Include (lumophpinclude) extension for TYPO3 unspecified code execution CVE-2014-6236 Vulnerability Report
-
http://www.securityfocus.com/bid/69569
TYPO3 LumoNet PHP Include Extension Unspecified Arbitrary Code Execution Vulnerability
-
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010
Page Not FoundPatch;Vendor Advisory
-
http://typo3.org/extensions/repository/view/lumophpinclude
LumoNet PHP Include (lumophpinclude)Patch
Products affected by CVE-2014-6236
- cpe:2.3:a:lumonet_php_include_project:lumonet_php_include:1.2.0:*:*:*:*:typo3:*:*