Main Vulnerability Database Vulnerabilities #VU42214

Permissions, Privileges, and Access Controls in TYPO3 - CVE-2013-7081

Published: December 24, 2013 / Updated: August 10, 2020

Vulnerability identifier: #VU42214

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2013-7081

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: TYPO3

Affected software:
TYPO3

Detailed vulnerability description

The vulnerability allows a remote #AU# to read and manipulate data.

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.

How to mitigate CVE-2013-7081

Install update from vendor's website.

Sources

http://seclists.org/oss-sec/2013/q4/473
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
http://www.debian.org/security/2014/dsa-2834

Permissions, Privileges, and Access Controls in TYPO3 - CVE-2013-7081

Detailed vulnerability description

How to mitigate CVE-2013-7081

Sources

Please verify you're human