Search

Find a vulnerability

Search criteria

    4 vulnerabilities by TYPO3 Core

    CVE-2011-3584 (GCVE-0-2011-3584)

    Vulnerability from nvd – Published: 2019-11-25 23:31 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 Core wec_discussion Affected: before 2.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:48.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-3584"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-3584"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://typo3.org/security/advisory/typo3-sa-2011-003/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wec_discussion",
              "vendor": "TYPO3 Core",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 2.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-25T23:31:31.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-3584"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-3584"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://typo3.org/security/advisory/typo3-sa-2011-003/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3584",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "wec_discussion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 2.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TYPO3 Core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2011-3584",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2011-3584"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2011-3584",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2011-3584"
                },
                {
                  "name": "https://typo3.org/security/advisory/typo3-sa-2011-003/",
                  "refsource": "MISC",
                  "url": "https://typo3.org/security/advisory/typo3-sa-2011-003/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3584",
        "datePublished": "2019-11-25T23:31:31.000Z",
        "dateReserved": "2011-09-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:48.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3583 (GCVE-0-2011-3583)

    Vulnerability from nvd – Published: 2019-11-25 23:21 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 Core TYPO3 Core Affected: 4.5.0 - 4.5.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:48.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-3583"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TYPO3 Core",
              "vendor": "TYPO3 Core",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.5.0 - 4.5.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-25T23:21:26.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-3583"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3583",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TYPO3 Core",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.5.0 - 4.5.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TYPO3 Core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2011-3583",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2011-3583",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2011-3583"
                },
                {
                  "name": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/",
                  "refsource": "MISC",
                  "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3583",
        "datePublished": "2019-11-25T23:21:26.000Z",
        "dateReserved": "2011-09-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:48.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3584 (GCVE-0-2011-3584)

    Vulnerability from cvelistv5 – Published: 2019-11-25 23:31 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 Core wec_discussion Affected: before 2.1.1
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:48.318Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-3584"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-3584"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://typo3.org/security/advisory/typo3-sa-2011-003/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "wec_discussion",
              "vendor": "TYPO3 Core",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 2.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-25T23:31:31.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-3584"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-3584"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://typo3.org/security/advisory/typo3-sa-2011-003/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3584",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "wec_discussion",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 2.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TYPO3 Core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2011-3584",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2011-3584"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2011-3584",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2011-3584"
                },
                {
                  "name": "https://typo3.org/security/advisory/typo3-sa-2011-003/",
                  "refsource": "MISC",
                  "url": "https://typo3.org/security/advisory/typo3-sa-2011-003/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3584",
        "datePublished": "2019-11-25T23:31:31.000Z",
        "dateReserved": "2011-09-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:48.318Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2011-3583 (GCVE-0-2011-3583)

    Vulnerability from cvelistv5 – Published: 2019-11-25 23:21 – Updated: 2024-08-06 23:37
    VLAI
    Summary
    It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
    Severity
    No CVSS data available.
    CWE
    • SQL Injection
    Assigner
    Impacted products
    Vendor Product Version
    TYPO3 Core TYPO3 Core Affected: 4.5.0 - 4.5.5
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T23:37:48.367Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://access.redhat.com/security/cve/cve-2011-3583"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "TYPO3 Core",
              "vendor": "TYPO3 Core",
              "versions": [
                {
                  "status": "affected",
                  "version": "4.5.0 - 4.5.5"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "SQL Injection",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-11-25T23:21:26.000Z",
            "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
            "shortName": "redhat"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://access.redhat.com/security/cve/cve-2011-3583"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "secalert@redhat.com",
              "ID": "CVE-2011-3583",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "TYPO3 Core",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "4.5.0 - 4.5.5"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "TYPO3 Core"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "SQL Injection"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security-tracker.debian.org/tracker/CVE-2011-3583",
                  "refsource": "MISC",
                  "url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
                },
                {
                  "name": "https://access.redhat.com/security/cve/cve-2011-3583",
                  "refsource": "MISC",
                  "url": "https://access.redhat.com/security/cve/cve-2011-3583"
                },
                {
                  "name": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/",
                  "refsource": "MISC",
                  "url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
                },
                {
                  "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682",
                  "refsource": "MISC",
                  "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "assignerShortName": "redhat",
        "cveId": "CVE-2011-3583",
        "datePublished": "2019-11-25T23:21:26.000Z",
        "dateReserved": "2011-09-21T00:00:00.000Z",
        "dateUpdated": "2024-08-06T23:37:48.367Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }