CVE-2013-7081 — TYPO3 Improper Access Control vulnerability

Description

The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary HMAC signatures and bypass intended access restrictions via unspecified vectors.

How to fix CVE-2013-7081

To remediate CVE-2013-7081, upgrade the affected package to a fixed version below.

Packagist/typo3/cms-core—upgrade to 4.5.31 or later

Is CVE-2013-7081 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 4.5.0, < 4.5.31

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-7081
PATCHgithub.com/TYPO3-CMS/core
WEBseclists.org/oss-sec/2013/q4/473
WEBtypo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
WEB