TYPO3 Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4320)

Description

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

Remediation

References

CVE-2013-4320

Related Vulnerabilities

WordPress Plugin Gravity Forms Salesforce Cross-Site Scripting (1.2.4)

WordPress Plugin IP Logger 'map-details.php' SQL Injection (3.0)

WebLogic CVE-2016-0700 Vulnerability (CVE-2016-0700)

WordPress 5.9.x Multiple Vulnerabilities (5.9 - 5.9.4)

Apache HTTP Server Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2003-0542)

Severity

Medium

Classification

CVE-2013-4320 CWE-264