Sql injection

2013-06-2023:55:00

PRIOn knowledge base

www.prio-n.com

9.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.1%

JSON

SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CPENameOperatorVersion
rzautocompleteeq0.0.2
rzautocompleteeq0.0.3
rzautocompleteeq0.0.4
rzautocompleteeq0.0.5
rzautocompleteeq0.0.6
rzautocompleteeq0.0.7
rzautocompleteeq0.0.8

Name	Operator	Version
rzautocomplete	eq	0.0.2
rzautocomplete	eq	0.0.3
rzautocomplete	eq	0.0.4
rzautocomplete	eq	0.0.5
rzautocomplete	eq	0.0.6
rzautocomplete	eq	0.0.7
rzautocomplete	eq	0.0.8

References

osvdb.org/93815

secunia.com/advisories/53633

typo3.org/extensions/repository/view/rzautocomplete

typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007/

www.securityfocus.com/bid/60276

exchange.xforce.ibmcloud.com/vulnerabilities/84659