Authorization

2013-12-2323:55:00

PRIOn knowledge base

www.prio-n.com

7 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

52.6%

JSON

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a “missing signature.”

CPENameOperatorVersion
typo3eq6.0.11
typo3eq6.0.1
typo3eq6.0.10
typo3eq6.0.8
typo3eq6.0.3
typo3eq6.0.2
typo3eq6.0
typo3eq6.0.9
typo3eq6.0.6
typo3eq6.0.5