CVE-2014-3946Sensitive Information Exposure in CMS

CWE-200Sensitive Information Exposure4 documents4 sources
Severity
4.0MEDIUMNVD
EPSS
0.2%
top 64.31%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Typo3 CMSTypo3
Timeline
PublishedJun 3
Latest updateMay 17

Description

The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary queries via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 8.0 | Impact: 2.9

Affected Packages2 packages

Packagisttypo3/cms6.2.06.2.3
NVDtypo3/typo34 versions+3

🔴Vulnerability Details

3
OSV
Typo3 Information Disclosure2022-05-17
GHSA
Typo3 Information Disclosure2022-05-17
CVEList
CVE-2014-3946: The query caching functionality in the Extbase Framework component in TYPO3 62014-06-03
CVE-2014-3946 — Sensitive Information Exposure in CMS | cvebase