CVE-2013-7073: TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component
CVSS Score (3.1): 6.5
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.50635%
CWE
Published: 5/17/2022
Updated: 8/28/2023
KEV Status: No
Technology: PHP
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
typo3/cms | composer | >= 4.5.0, <= 4.5.31 | 4.5.32 |
typo3/cms | composer | >= 4.7.0, <= 4.7.16 | 4.7.17 |
typo3/cms | composer | >= 6.0.0, <= 6.0.11 | 6.0.12 |
typo3/cms | composer | >= 6.1.0, <= 6.1.6 | 6.1.7 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The provided vulnerability reports and advisories explicitly state that the Content Editing Wizards component lacked permission checks, but they do not disclose specific function names or file paths where the vulnerability manifests. While the general component (Content Editing Wizards) and attack vector (via URL parameters) are identified, the lack of commit diffs, patch details, or code examples makes it impossible to pinpoint exact vulnerable functions with high confidence. TYPO3's security bulletin (TYPO3-CORE-SA-2013-004) and the CVE description describe the issue at a component level without technical specifics about the affected code implementation.