Описание
Typo3 Backend History Module Vulnerable to SQL Injection
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability.
Пакеты
typo3/cms
>= 4.5.0, <= 4.5.20
4.5.21
typo3/cms
>= 4.6.0, <= 4.6.13
4.6.14
typo3/cms
>= 4.7.0, <= 4.7.5
4.7.6
Связанные уязвимости
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.
SQL injection vulnerability in the Backend History module in TYPO3 4.5 ...