CVE-2013-7080 — Improperly Controlled Modification of Dynamically-Determined Object Attributes in Cms-core

5 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.3%

top 49.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 Cms-core Typo3

Timeline

PublishedDec 23

Latest updateMay 17

Description

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages2 packages

▶Packagisttypo3/cms-core4.5.0 — 4.5.31+2

▶NVDtypo3/typo361 versions+60

🔴Vulnerability Details

OSV

TYPO3 is vulnerable to Mass Assignment in the Extension table administration library↗2022-05-17

▶

GHSA

TYPO3 is vulnerable to Mass Assignment in the Extension table administration library↗2022-05-17

▶

CVEList

CVE-2013-7080: The creating record functionality in Extension table administration library (feuser_adminLib↗2013-12-23

▶

OSV

CVE-2013-7080: The creating record functionality in Extension table administration library (feuser_adminLib↗2013-12-23

▶