GHSA-947m-vgqc-x6v4

Source

https://github.com/advisories/GHSA-947m-vgqc-x6v4

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-947m-vgqc-x6v4/GHSA-947m-vgqc-x6v4.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-947m-vgqc-x6v4

Aliases

CVE-2012-6144

Published

2022-05-17T01:37:41Z

Modified

2024-01-12T18:26:37.298847Z

Summary

Typo3 Backend History Module Vulnerable to SQL Injection

Details

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability.

Database specific

{
    "nvd_published_at": "2013-07-01T21:55:00Z",
    "cwe_ids": [
        "CWE-89"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-12T18:00:15Z"
}

References

Affected packages

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.5.0

Fixed

4.5.21

Database specific

{
    "last_known_affected_version_range": "<= 4.5.20"
}

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.6.0

Fixed

4.6.14

Database specific

{
    "last_known_affected_version_range": "<= 4.6.13"
}

Packagist / typo3/cms

Package

Name: typo3/cms
Purl: pkg:composer/typo3/cms

Affected ranges

Type: ECOSYSTEM
Events: Introduced

4.7.0

Fixed

4.7.6

Database specific

{
    "last_known_affected_version_range": "<= 4.7.5"
}