CVE-2013-7075 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5.0 <4.5.32 || >=4.7.0 <4.7.17 || >=6.0.0 <6.0.12 || >=6.1.0 <6.1.7

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: 0.00613 pctl0.68911

Details

TYPO3 vulnerable to Insecure Unserialize via Content Editing Wizards component The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbitrary PHP objects, delete arbitrary files, and possibly have other unspecified impacts via an unspecified parameter, related to a "missing signature."

Metadata

Created: 2022-05-17T04:54:41Z
Modified: 2023-08-29T19:02:19Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-47ww-mq32-g4xw/GHSA-47ww-mq32-g4xw.json
CWE IDs: ["CWE-502"]
Alternative ID: GHSA-47ww-mq32-g4xw
Finding: F096
Auto approve: 1