Description

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

Remediation

References

CVE-2012-6146

Related Vulnerabilities

Apache Tomcat Other Vulnerability (CVE-2011-1088)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (5.3.4)

Frontaccounting Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2007-5148)

ZenCart Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2015-8352)

Oracle Application Server CVE-2008-2619 Vulnerability (CVE-2008-2619)

Severity

Medium

Classification

CVE-2012-6146 CWE-264

Tags

Missing Update Known Vulnerabilities