CVE-2014-6289
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
03/10/2014
Last modified:
12/04/2025
Description
The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) extension before 3.0.1 and Tools for Extbase development (pt_extbase) extension before 1.5.1 allows remote attackers to bypass access restrictions and execute arbitrary controller actions via unspecified vectors.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:daniel_lienert:yet_another_gallery:*:*:*:*:*:typo3:*:* | 3.0.0 (including) | |
| cpe:2.3:a:michael_knoll:tools_for_extbase_developmen:*:*:*:*:*:typo3:*:* | 1.5.0 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://typo3.org/extensions/repository/view/pt_extbase
- http://typo3.org/extensions/repository/view/yag
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/
- http://typo3.org/extensions/repository/view/pt_extbase
- http://typo3.org/extensions/repository/view/yag
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/