CVE-2013-7073
TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
6.5
MEDIUM
CVSS 3.1
EPSS 0.27%
Description
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
How to fix CVE-2013-7073
To remediate CVE-2013-7073, upgrade the affected package to a fixed version below.
- —upgrade to 4.3.9+dfsg1-1+squeeze9 or later
- —upgrade to 4.5.32 or later
Is CVE-2013-7073 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.3.9+dfsg1-1+squeeze9
- >= 4.5.0, < 4.5.32
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |