CVE-2013-7081 – typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=4.5.0 <4.5.31 || >=4.7.0 <4.7.16 || >=6.0.0 <6.0.11 || >=6.1.0 <6.1.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00171 pctl0.38852

Details

TYPO3 Improper Access Control vulnerability The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.

Metadata

Created: 2022-05-17T04:54:37Z
Modified: 2023-08-29T19:02:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r674-mc9p-hvw5/GHSA-r674-mc9p-hvw5.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-r674-mc9p-hvw5
Finding: F039
Auto approve: 1