Описание
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [4.5.32+dfsg1-1]] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | released | 4.5.19+dfsg1-5+wheezy2build0.13.04.1 |
| saucy | ignored | end of life |
| trusty | not-affected | 4.5.32+dfsg1-1 |
| trusty/esm | DNE | trusty was not-affected [4.5.32+dfsg1-1] |
Показывать по
4 Medium
CVSS2
Связанные уязвимости
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4 ...
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
4 Medium
CVSS2