Lucene search

5 matches found

OSV
added 2022/05/17 1:55 a.m. | 27 views

GHSA-XGC2-Q928-27WV TYPO3 Sensitive Information Disclosure via escapeStrForLike method

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01667
Exploits: 0 | References: 14
UbuntuCve
added 2012/05/21 8:55 p.m. | 21 views

CVE-2010-5104

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query...

CVSS: 4.3 | AI score: 5.9 | EPSS: 0.01667
Exploits: 0 | References: 2
CVE
added 2012/05/21 8:0 p.m. | 65 views

CVE-2010-5104

TYPO3 contains an input-escaping flaw in escapeStrForLike affecting TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5. If MySQL is configured with sql_mode NO_BACKSLASH_ESCAPES, wildcard characters in LIKE queries can expose sensitive information to remote attackers. No exploi...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.01667
Exploits: 0 | References: 9 | Affected Software: 1
Tenable Nessus
added 2006/06/16 12:0 a.m. | 34 views

GLSA-200606-13 : MySQL: SQL Injection

The remote host is affected by the vulnerability described in GLSA-200606-13 (MySQL: SQL Injection). MySQL is vulnerable to an injection flaw in mysql_real_escape when used with multi-byte characters. Impact: Due to a flaw in the multi-byte character process, an attacker is still able to inject...

CVSS: 7.5 | AI score: 5.8 | EPSS: 0.03239
Exploits: 0 | References: 2
Tenable Nessus
added 2006/06/05 12:0 a.m. | 7 views

FreeBSD : MySQL -- SQL-injection security vulnerability (7f8cecea-f199-11da-8422-00123ffe8333)

MySQL reports: A SQL-injection security hole has been found in multibyte encoding processing. A SQL-injection security hole can include a situation whereby when inserting user-supplied data into a database, the user might inject his own SQL statements that the server will execute. With regards t...

AI score: 5.5
Exploits: 0 | References: 3