Description
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
Remediation
References
Related Vulnerabilities
WordPress Plugin Advanced Access Manager Arbitrary Code Execution (2.8.2)
WordPress Plugin Simple Image Manipulator Arbitrary File Download (1.0)
WordPress Plugin Ultimate Membership Pro SQL Injection (6.4)
Oracle JRE CVE-2023-21968 Vulnerability (CVE-2023-21968)
ReviveAdserver 7PK - Security Features Vulnerability (CVE-2016-9470)