CVE-2013-7075
TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11, 6.1.0-6.1.6 - Authenticated PHP Object Unserialization and File Deletion
Title source: llmDescription
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/473
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2834
Scores
EPSS
0.0041
EPSS Percentile
61.3%
Details
CWE
CWE-310
Status
published
Products (50)
typo3/cms
4.5.0 - 4.5.32Packagist
typo3/typo3
6.0
typo3/typo3
6.0.1
typo3/typo3
6.0.2
typo3/typo3
6.0.3
typo3/typo3
6.0.4
typo3/typo3
6.0.5
typo3/typo3
6.0.6
typo3/typo3
6.0.7
typo3/typo3
6.0.8
... and 40 more
Published
Dec 23, 2013
Tracked Since
Feb 18, 2026