Описание
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 4.5.6+dfsg1-1 |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | ignored | end of life |
| oneiric | ignored | end of life |
| precise | not-affected | 4.5.6+dfsg1-1 |
| quantal | not-affected | 4.5.6+dfsg1-1 |
| raring | not-affected | 4.5.6+dfsg1-1 |
| saucy | not-affected | 4.5.6+dfsg1-1 |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared stat ...
Typo3 SQL injection due to faulty prepared statements
7.5 High
CVSS2
9.8 Critical
CVSS3