Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by TYPO3 Core
CVE-2011-3584 (GCVE-0-2011-3584)
Vulnerability from cvelistv5 – Published: 2019-11-25 23:31 – Updated: 2024-08-06 23:37
VLAI
Summary
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3584 | x_refsource_MISC |
| https://typo3.org/security/advisory/typo3-sa-2011-003/ | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TYPO3 Core | wec_discussion |
Affected:
before 2.1.1
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3584"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2011-003/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "wec_discussion",
"vendor": "TYPO3 Core",
"versions": [
{
"status": "affected",
"version": "before 2.1.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T23:31:31.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3584"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-sa-2011-003/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3584",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "wec_discussion",
"version": {
"version_data": [
{
"version_value": "before 2.1.1"
}
]
}
}
]
},
"vendor_name": "TYPO3 Core"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3584",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3584"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-3584",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-3584"
},
{
"name": "https://typo3.org/security/advisory/typo3-sa-2011-003/",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-sa-2011-003/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3584",
"datePublished": "2019-11-25T23:31:31.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3583 (GCVE-0-2011-3583)
Vulnerability from cvelistv5 – Published: 2019-11-25 23:21 – Updated: 2024-08-06 23:37
VLAI
Summary
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
Severity
No CVSS data available.
CWE
- SQL Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://security-tracker.debian.org/tracker/CVE-2… | x_refsource_MISC |
| https://access.redhat.com/security/cve/cve-2011-3583 | x_refsource_MISC |
| https://typo3.org/security/advisory/typo3-core-sa… | x_refsource_MISC |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TYPO3 Core | TYPO3 Core |
Affected:
4.5.0 - 4.5.5
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.367Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "TYPO3 Core",
"vendor": "TYPO3 Core",
"versions": [
{
"status": "affected",
"version": "4.5.0 - 4.5.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "SQL Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-25T23:21:26.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2011-3583",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "TYPO3 Core",
"version": {
"version_data": [
{
"version_value": "4.5.0 - 4.5.5"
}
]
}
}
]
},
"vendor_name": "TYPO3 Core"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "SQL Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-3583",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583"
},
{
"name": "https://access.redhat.com/security/cve/cve-2011-3583",
"refsource": "MISC",
"url": "https://access.redhat.com/security/cve/cve-2011-3583"
},
{
"name": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3583",
"datePublished": "2019-11-25T23:21:26.000Z",
"dateReserved": "2011-09-21T00:00:00.000Z",
"dateUpdated": "2024-08-06T23:37:48.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}