CVE-2013-7073
MEDIUM 6.5 | EPSS 0.27% | typo3-src - several
Published: 2022/5/17 | Modified: 2026/3/9
Description
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
Affected packages (2)
- Debian/typo3-src: from 0, < 4.3.9+dfsg1-1+squeeze9
- Packagist/typo3/cms: >= 4.5.0, < 4.5.32
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
References (9)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2013-7073
- PATCH: https://github.com/TYPO3/typo3
- WEB: http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
- WEB: http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
- WEB: http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
- WEB: http://seclists.org/oss-sec/2013/q4/473
- WEB: http://seclists.org/oss-sec/2013/q4/487
- WEB: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
- WEB: http://www.debian.org/security/2014/dsa-2834