Lucene search
HistoryOct 03, 2014 - 2:55 p.m.
CVE-2014-6293
cve
2014
6293
sql injection
typo3
statistics
ke_stats
nvd
remote attackers
arbitrary commands
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.9%
SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.
Affected configurations
Node
kennzifferstatisticsRange≤1.1.1typo3
| CPE | Name | Operator | Version |
|---|---|---|---|
| kennziffer:statistics | kennziffer statistics | le | 1.1.1 |
Related
prion
prion
Sql injection
2014-10-03 14:55:00
nvd
nvd
CVE-2014-6293
2014-10-03 14:55:09
cvelist
cvelist
CVE-2014-6293
2014-10-03 14:00:00
typo3
typo3
Several vulnerabilities in third party extensions
2014-02-12 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
55.9%
Related for CVE-2014-6293