Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2013-1842
Last Modified 04 Jun 2013 11:42:38
Published 20 Mar 2013 11:55:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2013-1842

Summary

SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."

Vulnerable Systems

Application

  • Typo3 4.5

  • Typo3 4.5.0

  • Typo3 4.5.1

  • Typo3 4.5.10

  • Typo3 4.5.11

  • Typo3 4.5.12

  • Typo3 4.5.13

  • Typo3 4.5.14

  • Typo3 4.5.15

  • Typo3 4.5.16

  • Typo3 4.5.17

  • Typo3 4.5.18

  • Typo3 4.5.19

  • Typo3 4.5.2

  • Typo3 4.5.22

  • Typo3 4.5.23

  • Typo3 4.5.3

  • Typo3 4.5.4

  • Typo3 4.5.5

  • Typo3 4.5.6

  • Typo3 4.5.7

  • Typo3 4.5.8

  • Typo3 4.5.9

  • Typo3 4.6

  • Typo3 4.6.0

  • Typo3 4.6.1

  • Typo3 4.6.10

  • Typo3 4.6.11

  • Typo3 4.6.12

  • Typo3 4.6.13

  • Typo3 4.6.14

  • Typo3 4.6.15

  • Typo3 4.6.16

  • Typo3 4.6.2

  • Typo3 4.6.3

  • Typo3 4.6.4

  • Typo3 4.6.5

  • Typo3 4.6.6

  • Typo3 4.6.7

  • Typo3 4.6.8

  • Typo3 4.6.9

  • Typo3 4.7

  • Typo3 4.7.0

  • Typo3 4.7.1

  • Typo3 4.7.2

  • Typo3 4.7.3

  • Typo3 4.7.4

  • Typo3 4.7.5

  • Typo3 4.7.6

  • Typo3 4.7.7

  • Typo3 4.7.8

  • Typo3 6.0

  • Typo3 6.0.1

  • Typo3 6.0.2


References

BID - 58330

MLIST - [oss-security] 20130311 Re: CVE Request: typo3 sql injection and open redirection

DEBIAN - DSA-2646

CONFIRM - http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/

SECUNIA - 52638

SECUNIA - 52433

OSVDB - 90925

SUSE - openSUSE-SU-2013:0510


Last Updated: 27 May 2016 11:02:06