WEB APPLICATION VULNERABILITIES Standard & Premium

TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-7073)

Description

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

Remediation

References

Related Vulnerabilities

WordPress Plugin Slideshow Multiple Cross-Site Scripting Vulnerabilities (2.1.14)

WordPress 5.4.x Multiple Vulnerabilities (5.4 - 5.4.12)

Lighttpd Other Vulnerability (CVE-2007-1869)

Apache HTTP Server Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2011-0419)

WordPress Plugin Chronoforms Cross-Site Request Forgery (7.0.9)

Severity

Medium

Classification

CVE-2013-7073 CWE-264

Tags

Missing Update Known Vulnerabilities