Lucene search
HistoryNov 02, 2009 - 3:30 p.m.
CVE-2009-3632
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.002
Percentile
55.4%
SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.
Affected configurations
Node
typo3typo3Range≤4.0.13
ORtypo3typo3Match4.0
ORtypo3typo3Match4.0.1
ORtypo3typo3Match4.0.2
ORtypo3typo3Match4.0.3
ORtypo3typo3Match4.0.4
ORtypo3typo3Match4.0.5
ORtypo3typo3Match4.0.6
ORtypo3typo3Match4.0.7
ORtypo3typo3Match4.0.8
ORtypo3typo3Match4.0.9
ORtypo3typo3Match4.0.10
ORtypo3typo3Match4.0.11
ORtypo3typo3Match4.0.12
ORtypo3typo3Match4.1beta
ORtypo3typo3Match4.1rc1
ORtypo3typo3Match4.1.0
ORtypo3typo3Match4.1.0beta1
ORtypo3typo3Match4.1.0rc1
ORtypo3typo3Match4.1.1
ORtypo3typo3Match4.1.2
ORtypo3typo3Match4.1.3
ORtypo3typo3Match4.1.4
ORtypo3typo3Match4.1.5
ORtypo3typo3Match4.1.6
ORtypo3typo3Match4.1.7
ORtypo3typo3Match4.1.8
ORtypo3typo3Match4.1.9
ORtypo3typo3Match4.1.10
ORtypo3typo3Match4.1.11
ORtypo3typo3Match4.1.12
ORtypo3typo3Match4.2.0
ORtypo3typo3Match4.2.1
ORtypo3typo3Match4.2.2
ORtypo3typo3Match4.2.3
ORtypo3typo3Match4.2.4
ORtypo3typo3Match4.2.5
ORtypo3typo3Match4.2.6
ORtypo3typo3Match4.2.7
ORtypo3typo3Match4.2.8
ORtypo3typo3Match4.2.9
ORtypo3typo3Match4.3
ORtypo3typo3Match4.3alpha1
ORtypo3typo3Match4.3beta1
ORtypo3typo3Match4.10
ORtypo3typo3Match4.11
| Vendor | Product | Version | CPE |
|---|---|---|---|
| typo3 | typo3 | * | cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0 | cpe:2.3:a:typo3:typo3:4.0:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.1 | cpe:2.3:a:typo3:typo3:4.0.1:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.2 | cpe:2.3:a:typo3:typo3:4.0.2:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.3 | cpe:2.3:a:typo3:typo3:4.0.3:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.4 | cpe:2.3:a:typo3:typo3:4.0.4:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.5 | cpe:2.3:a:typo3:typo3:4.0.5:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.6 | cpe:2.3:a:typo3:typo3:4.0.6:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.7 | cpe:2.3:a:typo3:typo3:4.0.7:*:*:*:*:*:*:* |
| typo3 | typo3 | 4.0.8 | cpe:2.3:a:typo3:typo3:4.0.8:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2009-3632
2009-11-02 15:00:00
ubuntucve
ubuntucve
CVE-2009-3632
2009-11-02 00:00:00
cve
cve
CVE-2009-3632
2009-11-02 15:30:00
prion
prion
Sql injection
2009-11-02 15:30:00
openvas
openvas
TYPO3 Multiple Vulnerabilities (Oct 2009)
2013-12-27 00:00:00
FreeBSD Ports: typo3
2009-11-11 00:00:00
Debian Security Advisory DSA 1926-1 (typo3-src)
2009-11-11 00:00:00
nessus
nessus
Debian DSA-1926-1 : typo3-src - several vulnerabilities
2010-02-24 00:00:00
freebsd
freebsd
typo3 -- multiple vulnerabilities in TYPO3 Core
2009-10-22 00:00:00
osv
osv
typo3-src - several vulnerabilities
2009-11-04 00:00:00
debian
debian
[SECURITY] [DSA 1926-1] New TYPO3 packages fix several vulnerabilities
2009-11-04 19:33:20
securityvulns
securityvulns
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7.7
Confidence
Low
EPSS
0.002
Percentile
55.4%
Related for NVD:CVE-2009-3632