Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for TYPO3 Core by TYPO3 Core

    CVE-2011-3583 (GCVE-0-2011-3583)

    Vulnerability from nvd – Published: 2019-11-25 23:21 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 Core TYPO3 Core Affected: 4.5.0 - 4.5.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:48.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-3583"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TYPO3 Core",
              "vendor": "TYPO3 Core",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.5.0 - 4.5.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-25T23:21:26.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-3583"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3583",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TYPO3 Core",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.5.0 - 4.5.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TYPO3 Core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2011-3583",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2011-3583",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2011-3583"
                },
                {
                  "name": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/",
                  "refsource": "MISC",
                  "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3583",
        "datePublished": "2019-11-25T23:21:26.000Z",
        "dateReserved": "2011-09-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:48.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3583 (GCVE-0-2011-3583)

    Vulnerability from cvelistv5 – Published: 2019-11-25 23:21 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 Core TYPO3 Core Affected: 4.5.0 - 4.5.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:48.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-3583"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TYPO3 Core",
              "vendor": "TYPO3 Core",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.5.0 - 4.5.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-25T23:21:26.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-3583"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3583",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TYPO3 Core",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.5.0 - 4.5.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TYPO3 Core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2011-3583",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2011-3583",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2011-3583"
                },
                {
                  "name": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/",
                  "refsource": "MISC",
                  "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3583",
        "datePublished": "2019-11-25T23:21:26.000Z",
        "dateReserved": "2011-09-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:48.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }