CVE-2010-3662 – typo3/cms-backend

Package

Manager: composer
Name: typo3/cms-backend
Vulnerable Version: >=0 <4.1.14 || >=4.2.0 <4.2.13 || >=4.3.0 <4.3.4 || >=4.4.0 <4.4.1

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00704 pctl0.71217

Details

TYPO3 SQL injection vulnerability on the backend TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.

Metadata

Created: 2022-04-21T01:57:46Z
Modified: 2024-02-07T22:32:53Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/04/GHSA-4rvc-5hrh-qmwf/GHSA-4rvc-5hrh-qmwf.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-4rvc-5hrh-qmwf
Finding: F297
Auto approve: 1