Description
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
Remediation
References
Related Vulnerabilities
WordPress Plugin AGP Font Awesome Collection Cross-Site Scripting (2.7.2)
MySQL CVE-2021-2215 Vulnerability (CVE-2021-2215)
Coppermine Cross-site Scripting (XSS) Vulnerability (CVE-2015-3921)
MySQL CVE-2017-3636 Vulnerability (CVE-2017-3636)
WordPress Plugin WooCommerce Catalog Enquiry Arbitrary File Upload (3.0.0)