Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
TYPO3 Content Editing Wizards组件权限许可和访问控制漏洞
Vulnerability Description
TYPO3是瑞士TYPO3协会维护的一套免费开源的内容管理系统(框架)(CMS/CMF)。Content Editing Wizards是其中的一个内容编辑向导。 TYPO3的Content Editing Wizards组件中存在权限许可和访问控制漏洞,该漏洞源于程序没有检查用户的权限。远程经过授权的编辑者可通过伪造的URL参数利用该漏洞读取任意TYPO3表中列的内容。以下版本受到影响:TYPO3 4.5.0至4.5.31版本,4.7.0至4.7.16版本,6.0.0至6.0.11版本,6.1.0至6.
CVSS Information
N/A
Vulnerability Type
N/A