The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
References
Link | Resource |
---|---|
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2014-05-20T14:00:00
Updated: 2014-05-20T12:57:00
Reserved: 2012-12-06T00:00:00
Link: CVE-2012-6146
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-05-20T14:55:04.067
Modified: 2014-05-21T12:47:11.147
Link: CVE-2012-6146
JSON object: View
Redhat Information
No data.
CWE