Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6381

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2007-6381
Last Modified 07 Mar 2011 10:02:34
Published 14 Dec 2007 09:46:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2007-6381

Summary

SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Vulnerable Systems

Application

  • Typo3

  • Typo3 3.0

  • Typo3 3.7.0

  • Typo3 3.7.1

  • Typo3 3.8

  • Typo3 3.8.1

  • Typo3 4.0

  • Typo3 4.0.1

  • Typo3 4.0.2

  • Typo3 4.0.3

  • Typo3 4.0.4

  • Typo3 4.0.5

  • Typo3 4.0.6

  • Typo3 4.0.7

  • Typo3 4.1

  • Typo3 4.1.1

  • Typo3 4.1.2

  • Typo3 4.1.3


References

CONFIRM - http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/

VUPEN - ADV-2007-4205

OSVDB - 39506

XF - typo3-indexedsearch-sql-injection(39017)

BID - 26871

DEBIAN - DSA-1439

SECTRACK - 1019146

SECUNIA - 28243

SECUNIA - 27969

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446


Last Updated: 27 May 2016 10:46:28