typo3-src - several

2013-03-1500:00:00

Google

osv.dev

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.005 Low

EPSS

Percentile

73.2%

JSON

TYPO3, a PHP-based content management system, was found vulnerable to several vulnerabilities.

CVE-2013-1842
Helmut Hummel and Markus Opahle discovered that the Extbase database layer
was not correctly sanitizing user input when using the Query object model.
This can lead to SQL injection by a malicious user inputing crafted
relation values.
CVE-2013-1843
Missing user input validation in the access tracking mechanism could lead
to arbitrary URL redirection.

Note: the fix will break already published links. Upstream advisory
TYPO3-CORE-SA-2013-001
has more information on how to mitigate that.

For the stable distribution (squeeze), these problems have been fixed in
version 4.3.9+dfsg1-1+squeeze8.

For the testing distribution (wheezy), these problems have been fixed in
version 4.5.19+dfsg1-5.

For the unstable distribution (sid), these problems have been fixed in
version 4.5.19+dfsg1-5.

We recommend that you upgrade your typo3-src packages.

CPENameOperatorVersion
typo3-srceq4.3.9+dfsg1-1
typo3-srceq4.3.9+dfsg1-1+squeeze1
typo3-srceq4.3.9+dfsg1-1+squeeze2
typo3-srceq4.3.9+dfsg1-1+squeeze3
typo3-srceq4.3.9+dfsg1-1+squeeze4
typo3-srceq4.3.9+dfsg1-1+squeeze5
typo3-srceq4.3.9+dfsg1-1+squeeze6
typo3-srceq4.3.9+dfsg1-1+squeeze7

Name	Operator	Version
typo3-src	eq	4.3.9+dfsg1-1
typo3-src	eq	4.3.9+dfsg1-1+squeeze1
typo3-src	eq	4.3.9+dfsg1-1+squeeze2
typo3-src	eq	4.3.9+dfsg1-1+squeeze3
typo3-src	eq	4.3.9+dfsg1-1+squeeze4
typo3-src	eq	4.3.9+dfsg1-1+squeeze5
typo3-src	eq	4.3.9+dfsg1-1+squeeze6
typo3-src	eq	4.3.9+dfsg1-1+squeeze7