CVE-2013-7081

2013-12-2323:55:00

CWE-264

[email protected]

web.nvd.nist.gov

typo3

form content element

cve-2013-7081

security

access restriction bypass

6.2 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

52.7%

JSON

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.

CPENameOperatorVersion
typo3:typo3typo3eq6.0.11
typo3:typo3typo3eq6.0.1
typo3:typo3typo3eq6.0.10
typo3:typo3typo3eq6.0.8
typo3:typo3typo3eq6.0.3
typo3:typo3typo3eq6.0.2
typo3:typo3typo3eq6.0
typo3:typo3typo3eq6.0.9
typo3:typo3typo3eq6.0.6
typo3:typo3typo3eq6.0.5

CPE	Name	Operator	Version
typo3:typo3	typo3	eq	6.0.11
typo3:typo3	typo3	eq	6.0.1
typo3:typo3	typo3	eq	6.0.10
typo3:typo3	typo3	eq	6.0.8
typo3:typo3	typo3	eq	6.0.3
typo3:typo3	typo3	eq	6.0.2
typo3:typo3	typo3	eq	6.0
typo3:typo3	typo3	eq	6.0.9
typo3:typo3	typo3	eq	6.0.6
typo3:typo3	typo3	eq	6.0.5