Permissions, Privileges, and Access Controls in TYPO3 - CVE-2013-4320

 


Published: May 20, 2014 / Updated: August 10, 2020


Vulnerability identifier: #VU41655
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2013-4320
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: TYPO3
Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.


How to mitigate CVE-2013-4320

Install the update from the vendor's website.
