CVE Vulnerabilities

CVE-2013-7080

Published: Dec 23, 2013 | Modified: Apr 11, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka Mass Assignment.

Affected Software

Name Vendor Start Version End Version
Typo3 Typo3 6.0 (including) 6.0 (including)
Typo3 Typo3 6.0.1 (including) 6.0.1 (including)
Typo3 Typo3 6.0.2 (including) 6.0.2 (including)
Typo3 Typo3 6.0.3 (including) 6.0.3 (including)
Typo3 Typo3 6.0.4 (including) 6.0.4 (including)
Typo3 Typo3 6.0.5 (including) 6.0.5 (including)
Typo3 Typo3 6.0.6 (including) 6.0.6 (including)
Typo3 Typo3 6.0.7 (including) 6.0.7 (including)
Typo3 Typo3 6.0.8 (including) 6.0.8 (including)
Typo3 Typo3 6.0.9 (including) 6.0.9 (including)
Typo3 Typo3 6.0.10 (including) 6.0.10 (including)
Typo3 Typo3 6.0.11 (including) 6.0.11 (including)
Typo3-src Ubuntu lucid *
Typo3-src Ubuntu precise *
Typo3-src Ubuntu quantal *
Typo3-src Ubuntu raring *
Typo3-src Ubuntu saucy *
Typo3-src Ubuntu upstream *

References