CVE-2013-7080

EPSS 0.27%

TYPO3 is vulnerable to Mass Assignment in the Extension table administration library

Published: 5/17/2022Modified: 11/8/2023

Description

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."

Affected packages (1)

Packagist/typo3/cms-core>= 4.5.0, < 4.5.31

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-7080
PATCHhttps://github.com/TYPO3-CMS/core
WEBhttp://seclists.org/oss-sec/2013/q4/473
WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
WEBhttp://www.debian.org/security/2014/dsa-2834