Description
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
Remediation
References
Related Vulnerabilities
MediaWiki Other Vulnerability (CVE-2006-2895)
Liferay Portal Improper Authentication Vulnerability (CVE-2021-29047)
WordPress Plugin Contact Form 7 Style Cross-Site Request Forgery (3.1.9)
MySQL CVE-2017-3453 Vulnerability (CVE-2017-3453)
Magento Server-Side Request Forgery (SSRF) Vulnerability (CVE-2019-7923)