CVE-2007-6381
TYPO3 3.x 4.0-4.0.7 4.1-4.1.3 - Authenticated SQL Injection
Title source: llmDescription
SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
References (10)
Core 10
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28243
Patch x_refsource_confirm
http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/4205
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/39506
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1019146
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/26871
Issue Tracking x_refsource_misc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/39017
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/27969
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2007/dsa-1439
Scores
EPSS
0.0112
EPSS Percentile
78.5%
Details
CWE
CWE-89
Status
published
Products (18)
typo3/typo3
typo3/typo3
3.0
typo3/typo3
3.7.0
typo3/typo3
3.7.1
typo3/typo3
3.8
typo3/typo3
3.8.1
typo3/typo3
4.0
typo3/typo3
4.0.1
typo3/typo3
4.0.2
typo3/typo3
4.0.3
... and 8 more
Published
Dec 15, 2007
Tracked Since
Feb 18, 2026