Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2013-4320

Overview

Vulnerability Score 5.5 5.5
CVE Id CVE-2013-4320
Last Modified 21 May 2014 09:08:07
Published 20 May 2014 10:55:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2013-4320

Summary

The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via a crafted URL.

Vulnerable Systems

Application

  • Typo3 6.0

  • Typo3 6.0.1

  • Typo3 6.0.2

  • Typo3 6.0.3

  • Typo3 6.0.4

  • Typo3 6.0.5

  • Typo3 6.0.6

  • Typo3 6.0.7

  • Typo3 6.0.8

  • Typo3 6.1

  • Typo3 6.1.1

  • Typo3 6.1.2

  • Typo3 6.1.3


References

CONFIRM - https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-003/


Last Updated: 27 May 2016 11:05:19