Description

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

Remediation

References

CVE-2012-6146

Related Vulnerabilities

PHP-Fusion CVE-2020-35952 Vulnerability (CVE-2020-35952)

Artifactory Weak Password Requirements Vulnerability (CVE-2019-17444)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-8755)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4360)

phpMyAdmin Improper Authentication Vulnerability (CVE-2022-23807)

Severity

Medium

Classification

CVE-2012-6146 CWE-264

Tags

Missing Update Known Vulnerabilities