Description
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
Remediation
References
Related Vulnerabilities
Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28734)
MySQL CVE-2023-22046 Vulnerability (CVE-2023-22046)
Internet Information Services Other Vulnerability (CVE-2000-0408)
WordPress Plugin HubSpot All-In-One Marketing-Forms, Popups, Live Chat Cross-Site Scripting (7.5.5)