CVE-2007-6381
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
66.1%
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| typo3 | typo3 | * | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* |
| typo3 | typo3 | 3.0 | cpe:2.3:a:typo3:typo3:3.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 3.7.0 | cpe:2.3:a:typo3:typo3:3.7.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 3.7.1 | cpe:2.3:a:typo3:typo3:3.7.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 3.8 | cpe:2.3:a:typo3:typo3:3.8:*:*:*:*:*:*:* |
| typo3 | typo3 | 3.8.1 | cpe:2.3:a:typo3:typo3:3.8.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0 | cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.1 | cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.2 | cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.3 | cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:* |
References
bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446
osvdb.org/39506
secunia.com/advisories/27969
secunia.com/advisories/28243
securitytracker.com/id?1019146
typo3.org/teams/security/security-bulletins/typo3-20071210-1/
www.debian.org/security/2007/dsa-1439
www.securityfocus.com/bid/26871
www.vupen.com/english/advisories/2007/4205
exchange.xforce.ibmcloud.com/vulnerabilities/39017
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
66.1%