CVE-2012-5368

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus

SecuriTeam™
Beyond Security®

SecuriTeam™ Home
Ask the Team
Mailing Lists
Advertising Info
Blogs

	SecuriTeam™ in Your Inbox

	E-mail this CVE-2012-5368 to a friend

New vulnerability?
New tool?
Tell us

Credit:
The information has been provided by Mike Cardwell.

Website Security Scan	Code Vulnerability Test	Network Assessment Tool
Detect hidden vulnerabilities	Exhaustive automated testing	Real-time, continuous security
Get guidance from professionals	of internal or 3rd party code.	scanning for your entire network

Check for CVE-2012-5368

Vulnerability Assessment and Management.
Automated Pen Testing for 50 to 50,000 nodes
beyondsecurity.com/vulnerability-scanner

Vulnerable Systems:
* phpMyAdmin 3.5.x versions and Prior

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. A vulnerability has been reported in the phpMyAdmin extension for TYPO3, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to the extension not properly restricting access to administrative users only, which can be exploited to gain access to the database administration interface by accessing a specially crafted URL. Successful exploitation requires standard TYPO3 backend editor rights. The vulnerability is reported in versions 4.1.0 through 4.8.0.

CVE Information:
CVE-2012-5368

Disclosure Timeline:
Published : Oct 12 2012
Updated : Oct 12 2012

Security News - Security Reviews - Exploits - Tools - UNIX Focus - Windows Focus