Description

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

Remediation

References

CVE-2013-7073

Related Vulnerabilities

WordPress Plugin Donation with Goals and Paypal IPN by NonprofitCMS.org 'exporttocsv.php' SQL Injection (1.0)

WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.16)

WordPress Plugin Accessibility Suite by Online ADA SQL Injection (2.0.10)

WordPress Plugin WP Page Builder Cross-Site Scripting (1.2.8)

MySQL CVE-2021-2300 Vulnerability (CVE-2021-2300)

Severity

Medium

Classification

CVE-2013-7073 CWE-264

Tags

Missing Update Known Vulnerabilities