CVE-2013-1842

TYPO3 4.5.x, 4.6.x, 4.7.x, 6.0.x - SQL Injection via Query Object Model

Description

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."

References (8)

Core References
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2013/03/12/3
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2646
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/90925
Mailing List vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52638
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/58330
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/52433

Scores

EPSS 0.0333
EPSS Percentile 87.4%

Details

CWE
CWE-89
Status published
Products (50)
typo3/cms-core 4.5.0 - 4.5.24 (Packagist)
typo3/typo3 4.5
typo3/typo3 4.5.0
typo3/typo3 4.5.1
typo3/typo3 4.5.2
typo3/typo3 4.5.3
typo3/typo3 4.5.4
typo3/typo3 4.5.5
typo3/typo3 4.5.6
typo3/typo3 4.5.7
... and 40 more
Published Mar 20, 2013
Tracked Since Feb 18, 2026