Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-15513 |
CWE-ID | CWE-284 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. |
Vulnerable software Subscribe |
typo3_forum Web applications / Modules and components for CMS |
Vendor | Mittwald CM Service |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU29572
Risk: Medium
CVSSv3.1: 4.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:P/RL:O/RC:C]
CVE-ID: CVE-2020-15513
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the ACL check of the extension is broken under certain conditions. A remote attacker can bypass implemented security restrictions and create forum posts.
MitigationInstall updates from vendor's website.
Vulnerable software versionstypo3_forum: 1.0.0 - 1.2.0
External linkshttp://typo3.org/security/advisory/typo3-ext-sa-2020-010/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.