CVE-2013-7080: TYPO3 is vulnerable to Mass Assignment in the Extension table administration library

CVSS Score: 5.8

Basic Information

EPSS Score: 0.5058%
CWE: -
Published: 5/17/2022
Updated: 8/29/2023
KEV Status: No
Technology: PHP

Technical Details

CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms-core | composer | >= 4.5.0, < 4.5.31 | 4.5.31 |
| typo3/cms-core | composer | >= 4.6.0, < 4.7.16 | 4.7.16 |
| typo3/cms-core | composer | >= 6.0.0, < 6.0.11 | 6.0.11 |

Vulnerability Intelligence
Root Cause Analysis

The vulnerability description explicitly identifies feuser_adminLib.inc as the vulnerable component and attributes the issue to mass assignment during record creation. Mass assignment vulnerabilities typically occur when functions bind user input to database fields without proper restrictions. While the exact function name isn't provided in the advisories, the file path and context (record creation in a deprecated library) strongly indicate that the record creation handler in this file lacked field validation. The confidence is high because the library's purpose and the vulnerability type align with the described attack vector.

WAF Protection Rules

WAF Rule

The creating record functionality in extension table administration library (feuser_adminLib.inc) in TYPO3 *.*.* through *.*.**, *.*.* through *.*.**, and *.*.* through *.*.** allows remote attackers to write to arbitrary fields in the configuration
