Description

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

Remediation

References

CVE-2013-7073

Related Vulnerabilities

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14720)

Undertow CVE-2023-3223 Vulnerability (CVE-2023-3223)

WordPress Plugin Broken Link Manager Cross-Site Scripting (0.5.5)

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-4721)

WordPress Plugin GDPR Cookie Compliance Security Bypass (4.0.2)

Severity

Medium

Classification

CVE-2013-7073 CWE-264

Tags

Missing Update Known Vulnerabilities