Improper Access Control Affecting mittwald/typo3_forum package, versions <1.2.1
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
Exploit Maturity
Mature
EPSS
0.07% (30th
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-MITTWALDTYPO3FORUM-597635
- published 30 Jul 2020
- disclosed 30 Jul 2020
- credit Unknown
Introduced: 30 Jul 2020
CVE-2020-15513 Open this link in a new tabHow to fix?
Upgrade mittwald/typo3_forum
to version 1.2.1 or higher.
Overview
mittwald/typo3_forum is a Forum extension.
Affected versions of this package are vulnerable to Improper Access Control. The ACL check of the extension is broken under certain conditions allowing anonymous users to create forum posts although this feature is disabled for anonymous users in the access control list.