TYPO3 up to 6.0.11 Table Administration Library feuser_adminLib.inc security check
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 6.2 | $0-$5k | 0.00 |
Summary
A vulnerability categorized as critical has been discovered in TYPO3 up to 6.0.11. This issue affects some unknown processing in the library feuser_adminLib.inc of the component Table Administration Library. Executing a manipulation can lead to security check. This vulnerability appears as CVE-2013-7080. There is no available exploit. It is advisable to upgrade the affected component.
Details
A vulnerability has been found in TYPO3 up to 6.0.11 (Content Management System) and classified as critical. This vulnerability affects an unknown functionality in the library feuser_adminLib.inc of the component Table Administration Library. The manipulation with an unknown input leads to a security check vulnerability. The CWE definition for the vulnerability is CWE-358. The product does not implement or incorrectly implements one or more security-relevant checks as specified by the design of a standardized algorithm, protocol, or technique. As an impact it is known to affect confidentiality, and integrity. CVE summarizes:
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers to write to arbitrary fields in the configuration database table via crafted links, aka "Mass Assignment."
The weakness was presented 12/10/2013 by Bernhard Kraft as TYPO3-CORE-SA-2013-004: Multiple Vulnerabilities in TYPO3 CMS as confirmed advisory (Website). The advisory is shared for download at typo3.org. This vulnerability was named CVE-2013-7080 since 12/11/2013. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. There are known technical details, but no exploit is available. The MITRE ATT&CK project declares the attack technique as T1211. The advisory points out:
Extensions that make use of the feuser_adminLib.inc library to create records are susceptible to Mass Assignment. This means that any links for creating records generated by this library can be manipulated to fill any field in the configured database table with arbitrary values. An attack is not limited to the fields listed in the configuration or the link itself. This library has been deprecated and removed from TYPO3 versions 6.1 and later but we still decided to fix this issue in previous versions.
The vulnerability scanner Nessus provides a plugin with the ID 71782 (Debian DSA-2834-1 : typo3-src - several vulnerabilities), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Debian Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 175249 (Debian Security Update for typo3-src (DSA-2834-1)).
Upgrading to version 4.5.32, 4.7.17 or 6.0.12 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability. The advisory contains the following remark:
Extension authors are highly encouraged not to use this deprecated library anymore.
The vulnerability is also documented in the databases at X-Force (89632), Tenable (71782), SecurityFocus (BID 64248†), OSVDB (100887†) and Vulnerability Center (SBV-42821†). See VDB-11481, VDB-11482, VDB-11483 and VDB-11484 for similar entries. Once again VulDB remains the best source for vulnerability data.
Product
Type
Name
Version
License
Website
- Product: https://typo3.org/
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 6.5VulDB Meta Temp Score: 6.2
VulDB Base Score: 6.5
VulDB Temp Score: 6.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Security checkCWE: CWE-358
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 71782
Nessus Name: Debian DSA-2834-1 : typo3-src - several vulnerabilities
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
OpenVAS ID: 702834
OpenVAS Name: Debian Security Advisory DSA 2834-1 (typo3-src - several vulnerabilities
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: TYPO3 4.5.32/4.7.17/6.0.12
Timeline
12/10/2013 🔍12/10/2013 🔍
12/10/2013 🔍
12/10/2013 🔍
12/11/2013 🔍
12/13/2013 🔍
12/23/2013 🔍
01/08/2014 🔍
06/04/2021 🔍
Sources
Product: typo3.orgAdvisory: TYPO3-CORE-SA-2013-004: Multiple Vulnerabilities in TYPO3 CMS
Researcher: Bernhard Kraft
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2013-7080 (🔍)
GCVE (CVE): GCVE-0-2013-7080
GCVE (VulDB): GCVE-100-11488
OVAL: 🔍
X-Force: 89632
SecurityFocus: 64248 - TYPO3 'feuser_adminLib.inc' Library Security Bypass Vulnerability
OSVDB: 100887
Vulnerability Center: 42821 - TYPO3 Extension Table Administration Library Remote Security Bypass Vulnerability via Crafted Links - CVE-2013-7080, Medium
See also: 🔍
Entry
Created: 12/13/2013 09:01Updated: 06/04/2021 09:47
Changes: 12/13/2013 09:01 (77), 05/19/2017 10:36 (4), 06/04/2021 09:47 (3)
Complete: 🔍
Cache ID: 216:8C2:103
No comments yet. Languages: en.
Please log in to comment.