Description

The configuration module in the backend in TYPO3 4.5.x before 4.5.19, 4.6.x before 4.6.12 and 4.7.x before 4.7.4 allows remote authenticated backend users to obtain the encryption key via unspecified vectors.

Remediation

References

CVE-2012-3529

Related Vulnerabilities

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41866)

Craft CMS Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2024-52293)

WordPress Plugin Subscribe to Comments Unsubscribe Challenge Information Disclosure (2.0.2)

WordPress Plugin Seed Social Cross-Site Scripting (2.0.3)

Oracle JRE CVE-2013-2469 Vulnerability (CVE-2013-2469)

Severity

Low

Classification

CVE-2012-3529 CWE-200

Tags

Missing Update Known Vulnerabilities