Description

The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.

Remediation

References

CVE-2014-3946

Related Vulnerabilities

Oracle JRE CVE-2012-5072 Vulnerability (CVE-2012-5072)

OpenSSL Resource Management Errors Vulnerability (CVE-2014-0221)

WebLogic CVE-2023-21964 Vulnerability (CVE-2023-21964)

WordPress Plugin Event Espresso Lite-Event Management and Registration System SQL Injection (3.1.37.12)

WordPress Plugin Ultimate Member-User Profile, Registration, Login, Member Directory, Content Restriction & Membership Cross-Site Scripting (2.1.19)

Severity

Medium

Classification

CVE-2014-3946 CWE-200

Tags

Missing Update Known Vulnerabilities