An issue exists in the pixxio (aka pixx.io integration or DAM) extension prior to 1.0.6 for TYPO3. The Access Control in the bundled media browser is broken, which allows an unauthenticated malicious user to perform requests to the pixx.io API for the configured API user. This allows an malicious user to download various media files from the DAM system.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
pixxio pixx.io |