CVE-2013-7073

2013-12-2323:55:00

CWE-264

[email protected]

web.nvd.nist.gov

typo3

content editing wizards

remote code execution

security vulnerability

authentication

6.1 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.002 Low

EPSS

Percentile

55.3%

JSON

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

CPENameOperatorVersion
typo3:typo3typo3eq4.5.30
typo3:typo3typo3eq4.5.3
typo3:typo3typo3eq4.5.27
typo3:typo3typo3eq4.5.9
typo3:typo3typo3eq4.5.12
typo3:typo3typo3eq4.5.24
typo3:typo3typo3eq4.5.15
typo3:typo3typo3eq4.5.5
typo3:typo3typo3eq4.5.13
typo3:typo3typo3eq4.5.17

CPE	Name	Operator	Version
typo3:typo3	typo3	eq	4.5.30
typo3:typo3	typo3	eq	4.5.3
typo3:typo3	typo3	eq	4.5.27
typo3:typo3	typo3	eq	4.5.9
typo3:typo3	typo3	eq	4.5.12
typo3:typo3	typo3	eq	4.5.24
typo3:typo3	typo3	eq	4.5.15
typo3:typo3	typo3	eq	4.5.5
typo3:typo3	typo3	eq	4.5.13
typo3:typo3	typo3	eq	4.5.17