CRITICAL✓ PATCH🇬🇧 English

CVE-2011-3583

CVSS 9.8v3.1pub. 2019-11-26upd. 2024-11-21

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Typo3

    APP
    Typo3
    4.5.0 – 4.5.5
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
Tagi
SQLi
CWE
Referencje

Powiązane podatności

CVE-2011-4628CRITICAL9.8ten sam produkt

TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authenticati...

CVE-2026-6553HIGH7.3ten sam produkt

Changing backend users' passwords via the user settings module results in storing the cleartext password in th...

CVE-2025-59022HIGH7.1ten sam produkt

Backend users who had access to the recycler module could delete arbitrary data from any database table define...

CVE-2025-59018HIGH7.1ten sam produkt

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0....

CVE-2025-47940HIGH7.2ten sam produkt

TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to vers...