CVE-2013-1842 – typo3/cms-core

Package

Manager: composer
Name: typo3/cms-core
Vulnerable Version: >=4.5.0 <4.5.24 || >=4.6.0 <4.6.17 || >=4.7.0 <4.7.9 || >=6.0.0 <6.0.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

EPSS: 0.03325 pctl0.8679

Details

TYPO3 SQL injection vulnerability in the Extbase Framework SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."

Metadata

Created: 2022-05-17T05:08:48Z
Modified: 2023-08-29T18:51:52Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m64j-j252-jxmr/GHSA-m64j-j252-jxmr.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-m64j-j252-jxmr
Finding: F297
Auto approve: 1