CVE-2013-7081: TYPO3 Improper Access Control vulnerability

May 17, 2022 (updated August 29, 2023)

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.

References

seclists.org/oss-sec/2013/q4/473
typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
www.debian.org/security/2014/dsa-2834
github.com/advisories/GHSA-r674-mc9p-hvw5
nvd.nist.gov/vuln/detail/CVE-2013-7081

Code Behaviors & Features

Detect and mitigate CVE-2013-7081 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →