| Name | CVE-2013-7073 |
| Description | The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters. |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-2834-1 |
| Debian Bugs | 731999 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| typo3-src | source | squeeze | 4.3.9+dfsg1-1+squeeze9 | DSA-2834-1 | ||
| typo3-src | source | wheezy | 4.5.19+dfsg1-5+wheezy2 | DSA-2834-1 | ||
| typo3-src | source | (unstable) | 4.5.32+dfsg1-1 | 731999 |
https://review.typo3.org/#/c/26180/