CVE-2012-1607 – typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.4.0 <=4.4.13 || >=4.5.0 <=4.5.13 || >=4.6.0 <=4.6.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00701 pctl0.71145

Details

TYPO3 allows remote attackers to obtain the database name via a direct request The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

Metadata

Created: 2022-05-17T05:23:54Z
Modified: 2025-04-12T03:00:57Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-q68v-vcjg-r3vp/GHSA-q68v-vcjg-r3vp.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-q68v-vcjg-r3vp
Finding: F038
Auto approve: 1