Description

The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.

Remediation

References

CVE-2014-3946

Related Vulnerabilities

PostgreSQL Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2010-1169)

WordPress Plugin Events Calendar for Google Local File Inclusion (2.1.0)

MySQL CVE-2015-4730 Vulnerability (CVE-2015-4730)

WordPress Plugin Storefront Footer Text Cross-Site Scripting (1.0.1)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-8808)

Severity

Medium

Classification

CVE-2014-3946 CWE-200

Tags

Missing Update Known Vulnerabilities