Improper Access Control Affecting mittwald/typo3_forum package, versions <1.2.1


Snyk CVSS: 0.0 medium
  • Attack Complexity: Low

Threat Intelligence
  • Exploit Maturity: Mature
  • EPSS: 0.07% (30th percentile)
NVD: 5.3 medium

  • Snyk ID SNYK-PHP-MITTWALDTYPO3FORUM-597635
  • published 30 Jul 2020
  • disclosed 30 Jul 2020
  • credit Unknown

How to fix?

Upgrade mittwald/typo3_forum to version 1.2.1 or higher.

Overview

mittwald/typo3_forum is a Forum extension.

Affected versions of this package are vulnerable to Improper Access Control. Under certain conditions, the extension's ACL check is broken, allowing anonymous users to create forum posts even though this feature is disabled for anonymous users in the access control list.