Permissions, Privileges, and Access Controls in TYPO3 - CVE-2012-6146

 


Published: May 20, 2014 / Updated: August 10, 2020


Vulnerability identifier: #VU41653
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2012-6146
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: TYPO3
Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.


How to mitigate CVE-2012-6146

Install the update from the vendor's website.
