CVE-2013-7073
MEDIUM6.5EPSS 0.27%TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
Published: 5/17/2022Modified: 11/8/2023
Also known as:GHSA-4rpv-g4gq-rh4m
Description
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
Affected packages (2)
- Debian/typo3-srcfrom 0, < 4.3.9+dfsg1-1+squeeze9
- Packagist/typo3/cms>= 4.5.0, < 4.5.32
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (9)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-7073
- PATCHhttps://github.com/TYPO3/typo3
- WEBhttp://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
- WEBhttp://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
- WEBhttp://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
- WEBhttp://seclists.org/oss-sec/2013/q4/473
- WEBhttp://seclists.org/oss-sec/2013/q4/487
- WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
- WEBhttp://www.debian.org/security/2014/dsa-2834