Candidate: CVE-2013-7080
PublicDate: 2013-12-23 23:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7080
 http://www.openwall.com/lists/oss-security/2013/12/12
Description:
 The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=731999
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_typo3-src:
upstream_typo3-src: released (4.5.32+dfsg1-1)
lucid_typo3-src: ignored (reached end-of-life)
precise_typo3-src: ignored (reached end-of-life)
precise/esm_typo3-src: DNE (precise was needed)
quantal_typo3-src: ignored (reached end-of-life)
raring_typo3-src: released (4.5.19+dfsg1-5+wheezy2build0.13.04.1)
saucy_typo3-src: ignored (reached end-of-life)
trusty_typo3-src: not-affected (4.5.32+dfsg1-1)
trusty/esm_typo3-src: DNE (trusty was not-affected [4.5.32+dfsg1-1])
utopic_typo3-src: not-affected (4.5.32+dfsg1-1)
vivid_typo3-src: not-affected (4.5.32+dfsg1-1)
vivid/stable-phone-overlay_typo3-src: DNE
vivid/ubuntu-core_typo3-src: DNE
wily_typo3-src: DNE
xenial_typo3-src: DNE
yakkety_typo3-src: DNE
zesty_typo3-src: DNE
devel_typo3-src: DNE