logo

Database

Excessive privileges In typo3/cms

Description

TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts It has been discovered, that editors with access to file meta data table could change, create or delete metadata of files which are not within their file mounts.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. GCVE-GHSA-4r76-xr68-w7m7

References

1. https://github.com/TYPO3/typo3/commit/0decbf83c531cab77497429eb2edecf9a1038b252. https://github.com/TYPO3/typo3/commit/bff9fa5945801d1d2c641ddc8eb86c6647549d803. https://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2015-07-01-1.yaml4. https://typo3.org/security/advisory/typo3-core-sa-2015-0025. https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-002

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.