Design/Logic Flaw

2013-12-2323:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

4.9 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:P/A:N

0.002 Low

EPSS

Percentile

53.0%

JSON

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.

CPENameOperatorVersion
typo3eq6.0.11
typo3eq6.0.1
typo3eq6.0.10
typo3eq6.0.8
typo3eq6.0.3
typo3eq6.0.2
typo3eq6.0
typo3eq6.0.9
typo3eq6.0.6
typo3eq6.0.5