WEB APPLICATION VULNERABILITIES Standard & Premium

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2011-3583)

Description

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.

Remediation

References

Related Vulnerabilities

Oracle HTTP Server Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2019-0217)

WordPress Plugin Hot Files:File Sharing and Download Manager Cross-Site Scripting (1.0.0)

WordPress Plugin Minimal Coming Soon & Maintenance Mode-Coming Soon Page Security Bypass (2.15)

WordPress Plugin AppPresser-Mobile App Framework Security Bypass (4.3.0)

WordPress Plugin WP Membership Multiple Vulnerabilities (1.2.3)

Severity

Critical

Classification

CVE-2011-3583 CWE-138 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities