Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2010-5104

Опубликовано: 21 мая 2012
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:typo3:typo3:4.2.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.9:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.10:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.11:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.12:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.13:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.14:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.2.15:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3.0:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3.4:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3.5:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3.6:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3.7:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.3.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.4.1:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.4.2:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.4.3:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:4.4.4:*:*:*:*:*:*:*

EPSS

Процентиль: 73%
0.00765
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

ubuntu логотип

CVE-2010-5104

ubuntu
больше 13 лет назад

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.

debian логотип

CVE-2010-5104

debian
больше 13 лет назад

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...

github логотип

GHSA-xgc2-q928-27wv

github
больше 3 лет назад

TYPO3 Sensitive Information Disclosure via escapeStrForLike method

EPSS

Процентиль: 73%
0.00765
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200