CVE-2010-5103 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.2.0 <4.2.16 || >=4.3.0 <4.3.9 || >=4.4.0 <4.4.5

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00652 pctl0.69992

Details

TYPO3 SQL Injection vulnerability SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

Metadata

Created: 2022-05-17T01:55:53Z
Modified: 2025-04-12T02:30:20Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-r2w2-2r2x-fpcx/GHSA-r2w2-2r2x-fpcx.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-r2w2-2r2x-fpcx
Finding: F297
Auto approve: 1