CVE-2012-6144 typo3/cms

Package

Manager: composer
Name: typo3/cms
Vulnerable Version: >=4.5.0 <4.5.21 || >=4.6.0 <4.6.14 || >=4.7.0 <4.7.6

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00595 (percentile 0.68359)

Details

Typo3 Backend History Module Vulnerable to SQL Injection

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6. Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability.

Metadata

Created: 2022-05-17T01:37:41Z
Modified: 2024-01-12T18:00:15Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-947m-vgqc-x6v4/GHSA-947m-vgqc-x6v4.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-947m-vgqc-x6v4
Finding: F297
Auto approve: 1