Description

SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.

Remediation

References

CVE-2009-3632

Related Vulnerabilities

WordPress Plugin MiwoEvents-Manage & Book Events Unspecified Vulnerability (1.2.0)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6311)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Cross-Site Scripting (2.0.14)

WordPress Plugin WooCommerce Quick Reports Cross-Site Scripting (1.0.6)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Security Bypass (3.0.1)

Severity

Medium

Classification

CVE-2009-3632 CWE-138

Tags

Missing Update Known Vulnerabilities