{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2013-12-10T00:00:00.000Z","descriptions":[{"lang":"en","value":"The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2016-11-25T20:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001","tags":["mailing-list","x_refsource_MLIST"],"url":"http://seclists.org/oss-sec/2013/q4/487"},{"name":"openSUSE-SU-2016:2169","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"},{"name":"openSUSE-SU-2016:2025","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"},{"name":"[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001","tags":["mailing-list","x_refsource_MLIST"],"url":"http://seclists.org/oss-sec/2013/q4/473"},{"tags":["x_refsource_CONFIRM"],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"},{"name":"openSUSE-SU-2016:2114","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"},{"name":"DSA-2834","tags":["vendor-advisory","x_refsource_DEBIAN"],"url":"http://www.debian.org/security/2014/dsa-2834"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2013-7073","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001","refsource":"MLIST","url":"http://seclists.org/oss-sec/2013/q4/487"},{"name":"openSUSE-SU-2016:2169","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"},{"name":"openSUSE-SU-2016:2025","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"},{"name":"[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001","refsource":"MLIST","url":"http://seclists.org/oss-sec/2013/q4/473"},{"name":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/","refsource":"CONFIRM","url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"},{"name":"openSUSE-SU-2016:2114","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"},{"name":"DSA-2834","refsource":"DEBIAN","url":"http://www.debian.org/security/2014/dsa-2834"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T17:53:46.010Z"},"title":"CVE Program Container","references":[{"name":"[oss-security] 20131212 Re: CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://seclists.org/oss-sec/2013/q4/487"},{"name":"openSUSE-SU-2016:2169","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html"},{"name":"openSUSE-SU-2016:2025","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html"},{"name":"[oss-security] 20131211 CVE request: TYPO3-CORE-SA-2013-004 and TYPO3-FLOW-SA-2013-001","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://seclists.org/oss-sec/2013/q4/473"},{"tags":["x_refsource_CONFIRM","x_transferred"],"url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/"},{"name":"openSUSE-SU-2016:2114","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html"},{"name":"DSA-2834","tags":["vendor-advisory","x_refsource_DEBIAN","x_transferred"],"url":"http://www.debian.org/security/2014/dsa-2834"}]}]},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2013-7073","datePublished":"2013-12-23T23:00:00.000Z","dateReserved":"2013-12-11T00:00:00.000Z","dateUpdated":"2024-08-06T17:53:46.010Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}