CVE-2013-4871

Опубликовано: 20 июл. 2013

Источник: nvd

CVSS2: 6.8

EPSS Низкий

Описание

Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO Enhancements (tq_seo) extension before 5.0.1 for TYPO3 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Ссылки

http://osvdb.org/93816
http://secunia.com/advisories/53634
Vendor Advisory
http://typo3.org/extensions/repository/view/tq_seo
Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/
Vendor Advisory
http://www.securityfocus.com/bid/60274
https://exchange.xforce.ibmcloud.com/vulnerabilities/84660
http://osvdb.org/93816
http://secunia.com/advisories/53634
Vendor Advisory
http://typo3.org/extensions/repository/view/tq_seo
Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/
Vendor Advisory
http://www.securityfocus.com/bid/60274
https://exchange.xforce.ibmcloud.com/vulnerabilities/84660

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:markus_blaschke:tq_seo:*:*:*:*:*:*:*:*

Версия до 5.0.0 (включая)

cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*

EPSS

Процентиль: 48%

0.00254

Низкий

6.8 Medium

CVSS2

Дефекты

CWE-352

Связанные уязвимости

GHSA-ffwr-gq9f-j2rr

github

больше 3 лет назад