CVE-2013-7073: TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
(updated )
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
References
- lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
- lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
- lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
- seclists.org/oss-sec/2013/q4/473
- seclists.org/oss-sec/2013/q4/487
- typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
- www.debian.org/security/2014/dsa-2834
- github.com/advisories/GHSA-4rpv-g4gq-rh4m
- nvd.nist.gov/vuln/detail/CVE-2013-7073
Code Behaviors & Features
Detect and mitigate CVE-2013-7073 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →