It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2019-11-25T23:21:26
Updated: 2024-08-06T23:37:48.367Z
Reserved: 2011-09-21T00:00:00
Link: CVE-2011-3583
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2019-11-26T00:15:11.093
Modified: 2019-12-05T16:21:56.290
Link: CVE-2011-3583
Redhat
No data.