Описание
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [4.5.32+dfsg1-1]] |
| lucid | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | released | 4.5.19+dfsg1-5+wheezy2build0.13.04.1 |
| saucy | ignored | end of life |
| trusty | not-affected | 4.5.32+dfsg1-1 |
| trusty/esm | DNE | trusty was not-affected [4.5.32+dfsg1-1] |
Показывать по
5.8 Medium
CVSS2
Связанные уязвимости
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
The creating record functionality in Extension table administration li ...
TYPO3 is vulnerable to Mass Assignment in the Extension table administration library
5.8 Medium
CVSS2