CVE-2013-7081 — Improper Access Control in Cms-core

CWE-264 CWE-284 — Improper Access Control5 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 61.58%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 Cms-core Typo3

Timeline

PublishedDec 23

Latest updateMay 17

Description

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 6.8 | Impact: 4.9

Affected Packages2 packages

▶Packagisttypo3/cms-core4.5.0 — 4.5.31+3

▶NVDtypo3/typo368 versions+67

🔴Vulnerability Details

GHSA

TYPO3 Improper Access Control vulnerability↗2022-05-17

▶

OSV

TYPO3 Improper Access Control vulnerability↗2022-05-17

▶

CVEList

CVE-2013-7081: The (old) Form Content Element component in TYPO3 4↗2013-12-23

▶

OSV

CVE-2013-7081: The (old) Form Content Element component in TYPO3 4↗2013-12-23

▶