Summary
TYPO3 is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow remote attackers to get sensitive information or execute arbitrary script code.
Impact Level: Application
Solution
Upgrade to TYPO3 version 4.5.32, 4.7.17, 6.0.12, 6.1.7 or later. For updates, refer to http://typo3.org/
Insight
Multiple errors exist in the application:
- Multiple errors exist in the Content Editing Wizard, which fails to check user permissions, fails to properly encode user input, and is missing a signature for an input parameter.
- An error exists in the Extbase Framework, which returns error messages without properly encoding them.
- An error exists in the openid extension, which allows redirection to an arbitrary URL.
- An error exists in the form content element, which allows generation of arbitrary signatures that could be used in a different context.
Affected
TYPO3 version 4.5.0 to 4.5.31, 4.7.0 to 4.7.16, 6.0.0 to 6.0.11, 6.1.0 to 6.1.6
Detection
Get the installed version with the help of the detect NVT and check whether that version is vulnerable.
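The version check described above, written out as an added example (not the NVT's own code). It compares versions numerically against the ranges in the Affected section; the function names and the host inventory are assumptions constructed for illustration.

```python
import re

# Affected ranges and the fixed release per branch, copied from the
# Affected and Solution sections of this advisory.
AFFECTED = [
    ((4, 5, 0), (4, 5, 31), "4.5.32"),
    ((4, 7, 0), (4, 7, 16), "4.7.17"),
    ((6, 0, 0), (6, 0, 11), "6.0.12"),
    ((6, 1, 0), (6, 1, 6), "6.1.7"),
]

def parse_version(text):
    """Return (major, minor, patch) as ints, or None if text is not x.y.z."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)\.(\d+)\s*", text)
    return tuple(int(part) for part in m.groups()) if m else None

def check_typo3(version_text):
    """Return (status, fixed_release) for a detected TYPO3 version string.

    status is 'vulnerable', 'not_listed' (outside the advisory's ranges)
    or 'unknown' (version could not be parsed, so it needs manual review).
    """
    version = parse_version(version_text)
    if version is None:
        return ("unknown", None)
    # Tuple comparison is numeric per component, so 4.5.4 < 4.5.31 holds;
    # a plain string comparison would get that wrong.
    for low, high, fixed in AFFECTED:
        if low <= version <= high:
            return ("vulnerable", fixed)
    return ("not_listed", None)

def audit(inventory):
    """Map each host to its check result."""
    return {host: check_typo3(ver) for host, ver in inventory.items()}

# Constructed sample inventory (hypothetical hosts and detected versions).
SAMPLE_INVENTORY = {
    "cms-a.example": "4.5.4",
    "cms-b.example": "6.1.7",
    "cms-c.example": "6.0.11",
    "cms-d.example": "6.x",
}

if __name__ == "__main__":
    for host, (status, fixed) in audit(SAMPLE_INVENTORY).items():
        advice = f"upgrade to {fixed} or later" if fixed else "no action from this advisory"
        print(f"{host}: {status} ({advice})")
```

A result of `unknown` means the detected version string was not in x.y.z form and should be reviewed by hand rather than treated as safe.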
Severity
Classification
- CVE: CVE-2013-7073, CVE-2013-7074, CVE-2013-7075, CVE-2013-7078, CVE-2013-7079, CVE-2013-7081
- CVSS Base Score: 6.5
- CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P