Description
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
Remediation
References
Related Vulnerabilities
SharePoint CVE-2020-17120 Vulnerability (CVE-2020-17120)
Joomla Inadequate Encryption Strength Vulnerability (CVE-2011-3629)
phpMyAdmin Other Vulnerability (CVE-2005-3787)
WordPress Plugin Bad Behavior Multiple Vulnerabilities (2.2.18)
Claroline Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2006-4844)