Description
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
Remediation
References
Related Vulnerabilities
Magento Session Fixation Vulnerability (CVE-2019-8116)
WordPress URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-16220)
WordPress Plugin Request a Quote Cross-Site Scripting (2.0.0)
TYPO3 Uncontrolled Recursion Vulnerability (CVE-2022-23500)
WordPress Plugin Ads in bottom right Multiple Vulnerabilities (1.0)