Описание
TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
Пакеты
typo3/cms-core
>= 4.5.0, < 4.5.31
4.5.31
typo3/cms-core
>= 4.6.0, < 4.7.16
4.7.16
typo3/cms-core
>= 6.0.0, < 6.0.11
6.0.11
EPSS
CVE ID
Связанные уязвимости
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
The creating record functionality in Extension table administration li ...
EPSS