Description

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

Remediation

References

CVE-2013-4320

Related Vulnerabilities

Oracle Database Server CVE-2009-1994 Vulnerability (CVE-2009-1994)

WordPress Ultimate Member Plugin Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2020-6859)

WordPress Plugin PHP Everywhere Multiple Remote Code Execution Vulnerabilities (2.0.3)

Apache Tomcat Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2015-5351)

WordPress Plugin Cardinity Payment Gateway for WooCommerce Cross-Site Scripting (3.0.6)

Severity

Medium

Classification

CVE-2013-4320 CWE-264

Tags

Missing Update Known Vulnerabilities