Search criteria
2 vulnerabilities found for TYPO3 Core by TYPO3 Core
CVE-2011-3583 (GCVE-0-2011-3583)
Vulnerability from cvelistv5 – Published: 2019-11-25 23:21 – Updated: 2024-08-06 23:37
VLAI
Summary
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3583 | x_refsource_MISC |
| https://typo3.org/security/advisory/typo3-core-sa… | x_refsource_MISC |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TYPO3 Core | TYPO3 Core |
Affected:
4.5.0 - 4.5.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 Core",
"vendor": "TYPO3 Core",
"versions": [
{
"status": "affected",
"version": "4.5.0 - 4.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T23:21:26.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 Core",
"version": {
"version_data": [
{
"version_value": "4.5.0 - 4.5.5"
}
]
}
}
]
},
"vendor_name": "TYPO3 Core"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3583",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-3583",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3583",
"datePublished": "2019-11-25T23:21:26.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3583 (GCVE-0-2011-3583)
Vulnerability from nvd – Published: 2019-11-25 23:21 – Updated: 2024-08-06 23:37
VLAI
Summary
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3583 | x_refsource_MISC |
| https://typo3.org/security/advisory/typo3-core-sa… | x_refsource_MISC |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TYPO3 Core | TYPO3 Core |
Affected:
4.5.0 - 4.5.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 Core",
"vendor": "TYPO3 Core",
"versions": [
{
"status": "affected",
"version": "4.5.0 - 4.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T23:21:26.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 Core",
"version": {
"version_data": [
{
"version_value": "4.5.0 - 4.5.5"
}
]
}
}
]
},
"vendor_name": "TYPO3 Core"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3583",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-3583",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3583",
"datePublished": "2019-11-25T23:21:26.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}