5 matches found
TYPO3 Sensitive Information Disclosure via escapeStrForLike method
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sqlmode NOBACKSLASHESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query...
GHSA-XGC2-Q928-27WV TYPO3 Sensitive Information Disclosure via escapeStrForLike method
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sqlmode NOBACKSLASHESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query...
TYPO3 Multiple Vulnerabilities (Dec 2010)
TYPO3 is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:typo3:typo3"; ifdescription...
CVE-2010-5104
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sqlmode NOBACKSLASHESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query...
CVE-2010-5104
TYPO3 contains an input-escaping flaw in escapeStrForLike affecting TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5. If MySQL is configured with sql_mode NO_BACKSLASH_ESCAPES, wildcard characters in LIKE queries can expose sensitive information to remote attackers. No exploi...