CVE-2012-6146 | Vulnerability Database | Aqua Security

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

Affected Software

Name	Vendor	Start Version	End Version
Typo3	Typo3	4.6.0 (including)	4.6.0 (including)
Typo3	Typo3	4.6.1 (including)	4.6.1 (including)
Typo3	Typo3	4.6.2 (including)	4.6.2 (including)
Typo3	Typo3	4.6.3 (including)	4.6.3 (including)
Typo3	Typo3	4.6.4 (including)	4.6.4 (including)
Typo3	Typo3	4.6.5 (including)	4.6.5 (including)
Typo3	Typo3	4.6.6 (including)	4.6.6 (including)
Typo3	Typo3	4.6.7 (including)	4.6.7 (including)
Typo3	Typo3	4.6.8 (including)	4.6.8 (including)
Typo3	Typo3	4.6.9 (including)	4.6.9 (including)
Typo3	Typo3	4.6.10 (including)	4.6.10 (including)
Typo3	Typo3	4.6.11 (including)	4.6.11 (including)
Typo3	Typo3	4.6.12 (including)	4.6.12 (including)
Typo3	Typo3	4.6.13 (including)	4.6.13 (including)

References

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2012-6146
CWE	https://cwe.mitre.org/data/definitions/264.html