Main Vulnerability Database Vulnerabilities #VU42212

Input validation error in TYPO3 - CVE-2013-7079

Published: December 24, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42212

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-7079

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TYPO3

Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.

How to mitigate CVE-2013-7079

Install update from vendor's website.

Sources

http://seclists.org/oss-sec/2013/q4/473
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
http://www.debian.org/security/2014/dsa-2834
http://www.securityfocus.com/bid/64252

Input validation error in TYPO3 - CVE-2013-7079

Detailed vulnerability description

How to mitigate CVE-2013-7079

Sources

Please verify you're human