TYPO3 Indexed_search SQL Injection Vulnerability Network Vulnerability

Summary

This host is installed with TYPO3 and is prone to SQL injection vulnerability.

Impact

Successful exploitation will allow remote authenticated attackers to view, add, modify or delete information in the back-end database. Impact Level: Application

Solution

Upgrade to TYPO3 version 4.0.8 or 4.1.4 or later, For updates refer to, http://typo3.org/

Insight

An error exists in indexed_search system extension which fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Affected

TYPO3 version before 4.0.8 and 4.1.0 to 4.1.3

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://osvdb.org/39506
http://secunia.com/advisories/27969
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-20071210-1
http://xforce.iss.net/xforce/xfdb/39017

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-6381

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Apache Struts2 showcase namespace XSS Vulnerability
AMSI 'file' Parameter Directory Traversal Vulnerability
Advantech WebAccess Multiple Stack Based Buffer Overflow Vulnerabilities
Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
@Mail 'MailType' Parameter Cross Site Scripting Vulnerability

TYPO3 indexed_search SQL Injection Vulnerability

Take action and discover your vulnerabilities