Sql injection

2019-11-2600:15:00

PRIOn knowledge base

www.prio-n.com

8.2 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

65.1%

JSON

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.

CPENameOperatorVersion
typo3ge4.5.0
typo3le4.5.5

CPE	Name	Operator	Version
	typo3	ge	4.5.0
	typo3	le	4.5.5

References

access.redhat.com/security/cve/cve-2011-3583

bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682

security-tracker.debian.org/tracker/CVE-2011-3583

typo3.org/security/advisory/typo3-core-sa-2011-002/