CVE-2013-7073

Sažetak

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

Reference

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html
http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html
http://seclists.org/oss-sec/2013/q4/473
http://seclists.org/oss-sec/2013/q4/487
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
http://www.debian.org/security/2014/dsa-2834

CVSS

Base:	4.0
Impact:	2.9
Exploitability:	8.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:S/C:P/I:N/A:N

Zadnje važnije ažuriranje

28-11-2016 - 19:10

Objavljeno

23-12-2013 - 23:55