CVE-2012-6146

The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history of arbitrary records via a crafted URL.

Published: May 20, 2014
Updated: Nov 9, 2025
CVE: CVE-2012-6146
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
typo3 / typo3	4.6.6	4.6.6.x
typo3 / typo3	4.6.3	4.6.3.x
typo3 / typo3	4.6.13	4.6.13.x
typo3 / typo3	4.6.12	4.6.12.x
typo3 / typo3	4.6.8	4.6.8.x
typo3 / typo3	4.6.0	4.6.0.x
typo3 / typo3	4.6.10	4.6.10.x
typo3 / typo3	4.6.5	4.6.5.x
typo3 / typo3	4.6.1	4.6.1.x
typo3 / typo3	4.6.4	4.6.4.x
typo3 / typo3	4.6.7	4.6.7.x
typo3 / typo3	4.6.2	4.6.2.x
typo3 / typo3	4.6.9	4.6.9.x
typo3 / typo3	4.6.11	4.6.11.x
typo3 / typo3	4.7.5	4.7.5.x
typo3 / typo3	4.7.1	4.7.1.x
typo3 / typo3	4.7.2	4.7.2.x
typo3 / typo3	4.7.4	4.7.4.x
typo3 / typo3	4.7	4.7.x
typo3 / typo3	4.7.0	4.7.0.x
typo3 / typo3	4.7.3	4.7.3.x
typo3 / typo3	4.5.3	4.5.3.x
typo3 / typo3	4.5.9	4.5.9.x
typo3 / typo3	4.5.12	4.5.12.x
typo3 / typo3	4.5.15	4.5.15.x
typo3 / typo3	4.5.5	4.5.5.x
typo3 / typo3	4.5.13	4.5.13.x
typo3 / typo3	4.5.17	4.5.17.x
typo3 / typo3	4.5.8	4.5.8.x
typo3 / typo3	4.5.14	4.5.14.x
typo3 / typo3	4.5.7	4.5.7.x
typo3 / typo3	4.5.20	4.5.20.x
typo3 / typo3	4.5.6	4.5.6.x
typo3 / typo3	4.5.18	4.5.18.x
typo3 / typo3	4.5.0	4.5.0.x
typo3 / typo3	4.5	4.5.x
typo3 / typo3	4.5.11	4.5.11.x
typo3 / typo3	4.5.19	4.5.19.x
typo3 / typo3	4.5.1	4.5.1.x
typo3 / typo3	4.5.16	4.5.16.x
typo3 / typo3	4.5.4	4.5.4.x
typo3 / typo3	4.5.2	4.5.2.x
typo3 / typo3	4.5.10	4.5.10.x

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/

Vulnerability Database

314,343

CVE-2012-6146

Deep Security Visibility Without the Complexity