CVE-2011-3583

Опубликовано: 26 нояб. 2019

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.

Ссылки

https://access.redhat.com/security/cve/cve-2011-3583
Broken Link
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-3583
Third Party Advisory
https://typo3.org/security/advisory/typo3-core-sa-2011-002/
Vendor Advisory
https://access.redhat.com/security/cve/cve-2011-3583
Broken Link
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2011-3583
Third Party Advisory
https://typo3.org/security/advisory/typo3-core-sa-2011-002/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*

Версия от 4.5.0 (включая) до 4.5.5 (включая)

EPSS

Процентиль: 64%

0.00472

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

CVE-2011-3583

CVSS3: 9.8

ubuntu

около 6 лет назад

CVE-2011-3583

CVSS3: 9.8

debian

около 6 лет назад

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared stat ...

GHSA-gx4p-6w86-f8jx

CVSS3: 9.8

github

почти 4 года назад

Typo3 SQL injection due to faulty prepared statements

EPSS

Процентиль: 64%

0.00472

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-89