CVE-2013-7080

EPSS 0.27%

TYPO3 is vulnerable to Mass Assignment in the Extension table administration library

發布日:2022/5/17修改日:2023/11/8

描述

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."

受影響套件(1)

Packagist/typo3/cms-core>= 4.5.0, < 4.5.31

參考連結(5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-7080
PATCHhttps://github.com/TYPO3-CMS/core
WEBhttp://seclists.org/oss-sec/2013/q4/473
WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
WEBhttp://www.debian.org/security/2014/dsa-2834