← back
CVE-2013-7073

CVE-2013-7073

EPSS 1.3%
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.htmlhttp://lists.opensuse.org/opensuse-updates/2016-08/msg00083.htmlhttp://lists.opensuse.org/opensuse-updates/2016-08/msg00106.htmlhttp://seclists.org/oss-sec/2013/q4/473http://seclists.org/oss-sec/2013/q4/487http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/http://www.debian.org/security/2014/dsa-2834