Description
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
Remediation
References
Related Vulnerabilities
WordPress Plugin Business Hours Indicator Cross-Site Scripting (2.3.4)
WordPress Plugin PI Button includes Backdoor [Only if downloaded via the vendor website] (3.3.3)
WordPress Plugin WP Database Reset Multiple Security Bypass Vulnerabilities (3.1)
WordPress Plugin Login No Captcha reCAPTCHA Security Bypass (1.6.11)