Description

The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.

Remediation

References

CVE-2014-3946

Related Vulnerabilities

Dotclear Other Vulnerability (CVE-2005-3957)

MySQL CVE-2016-0658 Vulnerability (CVE-2016-0658)

ReviveAdserver Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-9455)

MySQL CVE-2022-21333 Vulnerability (CVE-2022-21333)

MediaWiki URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-0363)

Severity

Medium

Classification

CVE-2014-3946 CWE-200

Tags

Missing Update Known Vulnerabilities