CVE-2014-6289 dl/yag

Package

Manager: composer
Name: dl/yag
Vulnerable Version: >=0 <3.0.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.00254 (percentile: 0.48513)

Details

yag and pt_extbase extensions for TYPO3 allow remote attackers to bypass access restrictions

The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors.

Metadata

Created: 2022-05-17T04:31:54Z
Modified: 2025-04-14T19:33:24Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-46fq-683f-2jwq/GHSA-46fq-683f-2jwq.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-46fq-683f-2jwq
Finding: F039
Auto approve: 1