Description
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
Remediation
References
Related Vulnerabilities
WordPress Plugin MapSVG Lite Arbitrary File Upload (4.0.5)
Ruby Improper Authentication Vulnerability (CVE-2007-5770)
WordPress Plugin Target First Live chat Unspecified Vulnerability (1.0)
Django Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2021-31542)
WordPress Plugin Newsletter Subscription Form Possible Remote Code Execution (1.1.2)