CVE-2013-7073 — typo3-src - several

Description

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

How to fix CVE-2013-7073

To remediate CVE-2013-7073, upgrade the affected package to a fixed version below.

—upgrade to 4.3.9+dfsg1-1+squeeze9 or later
—upgrade to 4.5.32 or later

Is CVE-2013-7073 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 4.3.9+dfsg1-1+squeeze9
>= 4.5.0, < 4.5.32

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM6.5	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References (9)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-7073
PATCHgithub.com/TYPO3/typo3
WEBlists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html
WEBlists.opensuse.org/opensuse-updates/2016-08/msg00083.html
WEB