Description

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."

Remediation

References

CVE-2013-7080

Related Vulnerabilities

WebLogic CVE-2021-2033 Vulnerability (CVE-2021-2033)

MODX Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-1000067)

MySQL CVE-2018-3067 Vulnerability (CVE-2018-3067)

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-5834)

WordPress Plugin ByREV WP-PICShield Cross-Site Request Forgery (1.9.7)

Severity

Medium

Classification

CVE-2013-7080

Tags

Missing Update Known Vulnerabilities