TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6146)

Description

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

Remediation

References

CVE-2012-6146

Related Vulnerabilities

WebLogic CVE-2019-2395 Vulnerability (CVE-2019-2395)

ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-5341)

WordPress Plugin About Author Cross-Site Scripting (1.3.9)

WordPress Plugin Collapse-O-Matic Cross-Site Scripting (1.8.2)

WordPress Plugin Nmedia WordPress Member Conversation 'doupload.php' Arbitrary File Upload (1.3)

Severity

Medium

Classification

CVE-2012-6146 CWE-264