Description

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

Remediation

References

CVE-2012-6146

Related Vulnerabilities

Serendipity Other Vulnerability (CVE-2005-1451)

Apache Tomcat Other Vulnerability (CVE-2015-5346)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8146)

WebLogic CVE-2021-2204 Vulnerability (CVE-2021-2204)

WordPress Plugin Goolytics-Simple Google Analytics Cross-Site Scripting (1.1.1)

Severity

Medium

Classification

CVE-2012-6146 CWE-264

Tags

Missing Update Known Vulnerabilities