CVE-2013-7073

NameCVE-2013-7073
DescriptionThe Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2834-1
Debian Bugs731999

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
typo3-srcsourcesqueeze4.3.9+dfsg1-1+squeeze9DSA-2834-1
typo3-srcsourcewheezy4.5.19+dfsg1-5+wheezy2DSA-2834-1
typo3-srcsource(unstable)4.5.32+dfsg1-1731999

Notes

https://review.typo3.org/#/c/26180/

Search for package or bug name: Reporting problems