Arbitrary Record History Disclosure in TYPO3 Backend History Module

CVE-2012-6146 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.
