CVE-2013-7080 – typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=4.5.0 <4.5.31 || >=4.6.0 <4.7.16 || >=6.0.0 <6.0.11

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00274 pctl0.50549

Details

TYPO3 is vulnerable to Mass Assignment in the Extension table administration library The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."

Metadata

Created: 2022-05-17T04:54:37Z
Modified: 2023-08-29T19:02:14Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5fj8-wh3g-qvq2/GHSA-5fj8-wh3g-qvq2.json
CWE IDs: []
Alternative ID: GHSA-5fj8-wh3g-qvq2
Finding: F039
Auto approve: 1