CVE-2013-7073 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5.0 <4.5.32 || >=4.7.0 <4.7.17 || >=6.0.0 <6.0.12 || >=6.1.0 <6.1.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00275 pctl0.50576

Details

TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

Metadata

Created: 2022-05-17T03:46:18Z
Modified: 2023-08-28T23:47:48Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-4rpv-g4gq-rh4m/GHSA-4rpv-g4gq-rh4m.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-4rpv-g4gq-rh4m
Finding: F038
Auto approve: 1