CVE-2013-4320 – typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=6.0 <6.0.9 || >=6.1 <6.1.4

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00129 pctl0.33221

Details

TYPO3 Improper Access Management in the File Abstraction Layer The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

Metadata

Created: 2022-05-17T04:43:27Z
Modified: 2023-08-28T23:35:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-p9jg-9w87-6rg4/GHSA-p9jg-9w87-6rg4.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-p9jg-9w87-6rg4
Finding: F039
Auto approve: 1