CVE-2013-7080 — TYPO3 is vulnerable to Mass Assignment in the Extension table administration lib

Description

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."

How to fix CVE-2013-7080

To remediate CVE-2013-7080, upgrade the affected package to a fixed version below.

Packagist/typo3/cms-core—upgrade to 4.5.31 or later

Is CVE-2013-7080 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

>= 4.5.0, < 4.5.31

References (5)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2013-7080
PATCHgithub.com/TYPO3-CMS/core
WEBseclists.org/oss-sec/2013/q4/473
WEBtypo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004
WEB