Description

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

Remediation

References

CVE-2013-7073

Related Vulnerabilities

Atlassian Jira Insufficient Session Expiration Vulnerability (CVE-2021-39113)

WordPress Plugin Two Factor Authentication Cross-Site Request Forgery (1.3.12)

Apache HTTP Server Improper Input Validation Vulnerability (CVE-2017-15715)

WordPress Plugin Modern Events Calendar Lite Cross-Site Scripting (5.22.1)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9465)

Severity

Medium

Classification

CVE-2013-7073 CWE-264

Tags

Missing Update Known Vulnerabilities