
CVE-2013-7073: TYPO3 vulnerable to Information Disclosure via Content Editing Wizards component

CVSS Score: 6.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.50635%
Published: 5/17/2022
Updated: 8/28/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
| typo3/cms | composer | >= 4.5.0, <= 4.5.31 | 4.5.32 |
| typo3/cms | composer | >= 4.7.0, <= 4.7.16 | 4.7.17 |
| typo3/cms | composer | >= 6.0.0, <= 6.0.11 | 6.0.12 |
| typo3/cms | composer | >= 6.1.0, <= 6.1.6 | 6.1.7 |

Vulnerability Intelligence
Miggo AI Root Cause Analysis

The provided vulnerability reports and advisories explicitly state that the Content Editing Wizards component lacked permission checks, but they do not disclose specific function names or file paths where the vulnerability manifests. While the general component (Content Editing Wizards) and attack vector (via URL parameters) are identified, the lack of commit diffs, patch details, or code examples makes it impossible to pinpoint exact vulnerable functions with high confidence. TYPO3's security bulletin (TYPO3-CORE-SA-2013-004) and CVE description describe the issue at a component level without technical specifics about the affected code implementation.

WAF Protection Rules

WAF Rule

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 does not check permissions, which allows remote authenticated editors to read arbitrary TYPO3 table columns via u
