Description
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2022-21292 Vulnerability (CVE-2022-21292)
WordPress Plugin Image News slider 'upload.php' Arbitrary File Upload (3.3)
WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0165)
Joomla! Core Information Disclosure (2.5.0 - 3.9.22)
WordPress Plugin WooCommerce Cross-Seller Unspecified Vulnerability (1.0.2)