CVE-2013-7073 Information

Description

The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31 4.7.0 through 4.7.16 6.0.0 through 6.0.11 and 6.1.0 through 6.1.6 does not check permissions which allows remote authenticated editors to read arbitrary TYPO3 table columns via unspecified parameters.

Reference

http://lists.opensuse.org/opensuse-security-announce/2016-08/msg00028.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00083.html http://lists.opensuse.org/opensuse-updates/2016-08/msg00106.html http://seclists.org/oss-sec/2013/q4/473 http://seclists.org/oss-sec/2013/q4/487 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-004/ http://www.debian.org/security/2014/dsa-2834