Description

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

Remediation

References

CVE-2013-4320

Related Vulnerabilities

WordPress Plugin WP Download Codes Cross-Site Scripting (2.5.1)

WordPress Plugin NewStatPress Multiple Vulnerabilities (0.9.8)

MySQL CVE-2016-3452 Vulnerability (CVE-2016-3452)

WordPress Plugin WP Database Backup Cross-Site Scripting (5.1.1)

WordPress Plugin Q and A FAQ and Knowledge Base for WordPress Multiple SQL Injection Vulnerabilities (1.0.6.2)

Severity

Medium

Classification

CVE-2013-4320 CWE-264

Tags

Missing Update Known Vulnerabilities