Description

The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.

Remediation

References

CVE-2014-3946

Related Vulnerabilities

OpenVPN AS Insertion of Sensitive Information into Log File Vulnerability (CVE-2022-33737)

PostgreSQL Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-0063)

WordPress Plugin WP Media Cleaner Multiple Cross-Site Scripting Vulnerabilities (2.2.6)

Ruby on Rails Resource Management Errors Vulnerability (CVE-2016-0751)

WordPress Plugin TheCartPress eCommerce Shopping Cart 'OptionsPostsList.php' Cross-Site Scripting (1.1.6)

Severity

Medium

Classification

CVE-2014-3946 CWE-200

Tags

Missing Update Known Vulnerabilities