Description

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

Remediation

References

CVE-2012-6146

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-0262)

Drupal Core 8.x.x Cross-Site Request Forgery (8.0.0 - 8.8.12)

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174)

Jetty Improper Access Control Vulnerability (CVE-2016-4800)

WordPress Plugin Sidebar Login Cross-Site Scripting (2.3.6)

Severity

Medium

Classification

CVE-2012-6146 CWE-264

Tags

Missing Update Known Vulnerabilities