ID CVE-2013-7080
Summary The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
References
Vulnerable Configurations
  • cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.10:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:6.0.11:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.10:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.11:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.12:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.13:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.14:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.15:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.16:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.17:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.18:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.19:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.20:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.21:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.22:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.23:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.24:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.25:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.26:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.27:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.28:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.29:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.30:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.5.31:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.6:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.7:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.8:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.9:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.10:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.11:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.12:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.13:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.14:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.15:*:*:*:*:*:*:*
  • cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*
    cpe:2.3:a:typo3:typo3:4.7.16:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 14-01-2014 - 04:29)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
refmap via4
confirm http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/
debian DSA-2834
mlist [oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001
Last major update 14-01-2014 - 04:29
Published 23-12-2013 - 23:55
Last modified 14-01-2014 - 04:29
Back to Top