Description

** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core."

Remediation

References

CVE-2009-4855

Related Vulnerabilities

Chamilo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-37064)

SharePoint CVE-2021-31963 Vulnerability (CVE-2021-31963)

Magento Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-7882)

PostgreSQL Other Vulnerability (CVE-2006-0105)

WordPress Plugin Cashtomer SQL Injection (1.0.0)

Severity

High

Classification

CVE-2009-4855 CWE-138

Tags

Missing Update Known Vulnerabilities