Description

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.

Remediation

References

CVE-2012-6144

Related Vulnerabilities

Atlassian Jira Missing Authentication for Critical Function Vulnerability (CVE-2019-8449)

WordPress Plugin PDF Flipbook, 3D Flipbook WordPress-DearFlip Cross-Site Scripting (1.7.9)

Django URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2017-7233)

WordPress Plugin Chamber Dashboard Member Manager Cross-Site Scripting (2.0.5)

Chamilo Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2023-4221)

Severity

Medium

Classification

CVE-2012-6144 CWE-138

Tags

Missing Update Known Vulnerabilities