CVE-2013-7073
TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11, 6.1.0-6.1.6 - Authenticated Data Read via Content Editing Wizards
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
References (7)
Core References
Mailing List (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2013/q4/487
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
Mailing List (mailing-list, x_refsource_mlist): http://seclists.org/oss-sec/2013/q4/473
Vendor Advisory (x_refsource_confirm): http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
Third Party Advisory (vendor-advisory, x_refsource_debian): http://www.debian.org/security/2014/dsa-2834
Scores
EPSS: 0.0027
EPSS Percentile: 51.0%
Details
CWE: CWE-264
Status: published
Products (50)
typo3/cms: 4.5.0 - 4.5.32 (Packagist)
typo3/typo3: 4.5.0
typo3/typo3: 4.5.1
typo3/typo3: 4.5.2
typo3/typo3: 4.5.3
typo3/typo3: 4.5.4
typo3/typo3: 4.5.5
typo3/typo3: 4.5.6
typo3/typo3: 4.5.7
typo3/typo3: 4.5.8
... and 40 more
Published: Dec 23, 2013
Tracked Since: Feb 18, 2026