It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HTypo3
APPTypo34.5.0 – 4.5.5
Related vulnerabilities
TYPO3 before 4.3.12, 4.4.x before 4.4.9, and 4.5.x before 4.5.4 allows remote attackers to bypass authenticati...
Changing backend users' passwords via the user settings module results in storing the cleartext password in th...
Backend users who had access to the recycler module could delete arbitrary data from any database table define...
Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0....
TYPO3 is an open source, PHP based web content management system. Starting in version 10.0.0 and prior to vers...