CVE-2013-7080
TYPO3 4.5.0-4.5.31, 4.7.0-4.7.16, 6.0.0-6.0.11 - Unauthenticated Mass Assignment via Extension Table Administration
Title source: llmDescription
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2013/q4/473
Vendor Advisory x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2834
Scores
EPSS
0.0027
EPSS Percentile
50.9%
Details
Status
published
Products (50)
typo3/cms-core
4.5.0 - 4.5.31Packagist
typo3/typo3
6.0
typo3/typo3
6.0.1
typo3/typo3
6.0.2
typo3/typo3
6.0.3
typo3/typo3
6.0.4
typo3/typo3
6.0.5
typo3/typo3
6.0.6
typo3/typo3
6.0.7
typo3/typo3
6.0.8
... and 40 more
Published
Dec 23, 2013
Tracked Since
Feb 18, 2026