Lucene search

[email protected]CVE-2009-4710

HistoryOct 03, 2022 - 4:24 p.m.

CVE-2009-4710

2022-10-0316:24:03

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-4710

sql injection

typo3

extension

security vulnerability

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

51.4%

JSON

SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

NVD

Node

robert_heelcwt_resetbepasswordRange≤1.20

AND

typo3typo3

CPENameOperatorVersion
robert_heel:cwt_resetbepasswordrobert heel cwt resetbepasswordle1.20

CPE	Name	Operator	Version
robert_heel:cwt_resetbepassword	robert heel cwt resetbepassword	le	1.20

References

secunia.com/advisories/36084

typo3.org/teams/security/security-bulletins/typo3-sa-2009-010/

www.securityfocus.com/bid/35876

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

51.4%

JSON

Related for CVE-2009-4710

prion1 nvd1 cvelist1