CVE-2013-7073

Medium

Description

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

References

http://www.debian.org/security/2014/dsa-2834

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/

http://seclists.org/oss-sec/2013/q4/487

http://seclists.org/oss-sec/2013/q4/473

http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html

http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html

Details

Source: Mitre, NVD

Published: 2013-12-23

Updated: 2016-11-28

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity: Medium