Title: Realty Manager Extension for TYPO3 unserialise() Method Call Unspecified Information Disclosure
Mar 28, 2012
Mar 22, 2012
Realty Manager Extension for TYPO3 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when certain unspecified information is not properly sanitized before being used in a 'unserialise()' method call, which will disclose sensitive information to a remote attacker.
Remote / Network Access
Loss of Confidentiality
Upgrade to version 0.5.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.