CVE-2012-6146

Опубликовано: 20 мая 2014

Источник: nvd

CVSS2: 4

EPSS Низкий

Описание

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

Ссылки

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typo3:typo3:4.6.0:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.3:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.4:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.5:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.6:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.7:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.8:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.9:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.10:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.11:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.12:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.6.13:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:typo3:typo3:4.7:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:typo3:typo3:4.5:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*

cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*

EPSS

Процентиль: 39%

0.00176

Низкий

4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2012-6146

debian

больше 11 лет назад

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before ...

GHSA-2hp4-8h6h-93rr

github

больше 3 лет назад

Typo3 Backend History Module Vulnerable to XSS

EPSS

Процентиль: 39%

0.00176

Низкий

4 Medium

CVSS2

Дефекты

CWE-264