Description
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
Remediation
References
Related Vulnerabilities
Atlassian Jira Insufficient Session Expiration Vulnerability (CVE-2021-39113)
WordPress Plugin Two Factor Authentication Cross-Site Request Forgery (1.3.12)
Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-15715)
WordPress Plugin Modern Events Calendar Lite Cross-Site Scripting (5.22.1)