CVE-2013-7073 — Sensitive Information Exposure in CMS

CWE-264 CWE-200 — Sensitive Information Exposure5 documents4 sources

Severity

4.0MEDIUMNVD

EPSS

0.3%

top 49.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 CMS Typo3

Timeline

PublishedDec 23

Latest updateMay 17

Description

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

▶Packagisttypo3/cms4.5.0 — 4.5.32+3

▶NVDtypo3/typo368 versions+67

🔴Vulnerability Details

GHSA

TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component↗2022-05-17

▶

OSV

TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component↗2022-05-17

▶

CVEList

CVE-2013-7073: The Content Editing Wizards component in TYPO3 4↗2013-12-23

▶

OSV

CVE-2013-7073: The Content Editing Wizards component in TYPO3 4↗2013-12-23

▶