Description
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Easy Social Box/Page Cross-Site Scripting (4.1.2)
IBM WebSEAL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1886)
WordPress 5.4.x PHP Object Injection (5.4 - 5.4.5)
WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.185)