Description
The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.
Remediation
References
Related Vulnerabilities
Atlassian Jira Incorrect Authorization Vulnerability (CVE-2019-3403)
WordPress Plugin Cryptocurrency Donation Box-Bitcoin & Crypto Donations Security Bypass (1.7)
Joomla! Core 1.0.x Multiple Unspecified Vulnerabilities (1.0.0 - 1.0.7)
WordPress Plugin Limit Login Attempts Reloaded Cross-Site Scripting (2.7.0)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2024-40603)