CVE-2013-4320 — Improper Access Control in Cms-core

CWE-264 CWE-284 — Improper Access Control4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 67.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 Cms-core Typo3

Timeline

PublishedMay 20

Latest updateMay 17

Description

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 8.0 | Impact: 4.9

Affected Packages2 packages

▶Packagisttypo3/cms-core6.0 — 6.0.9+1

▶NVDtypo3/typo313 versions+12

🔴Vulnerability Details

OSV

TYPO3 Improper Access Management in the File Abstraction Layer↗2022-05-17

▶

GHSA

TYPO3 Improper Access Management in the File Abstraction Layer↗2022-05-17

▶

CVEList

CVE-2013-4320: The File Abstraction Layer (FAL) in TYPO3 6↗2014-05-20

▶