GHSA-m64j-j252-jxmr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-m64j-j252-jxmr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m64j-j252-jxmr/GHSA-m64j-j252-jxmr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-m64j-j252-jxmr
- Aliases
-
- CVE-2013-1842
- Published
- 2022-05-17T05:08:48Z
- Modified
- 2023-11-08T03:57:15.390098Z
- Severity
-
- 7.4 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
- Summary
- TYPO3 SQL injection vulnerability in the Extbase Framework
- Details
-
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."
- Database specific
{ "nvd_published_at": "2013-03-20T15:55:00Z", "cwe_ids": [ "CWE-89" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2023-08-29T18:51:52Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2013-1842
- https://github.com/TYPO3-CMS/core
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html
- http://osvdb.org/90925
- http://secunia.com/advisories/52433
- http://secunia.com/advisories/52638
- http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core
- http://www.debian.org/security/2013/dsa-2646
- http://www.openwall.com/lists/oss-security/2013/03/12/3
- http://www.securityfocus.com/bid/58330
Affected packages
Packagist / typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core
Packagist / typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core
Packagist / typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core
Packagist / typo3/cms-core
Package
- Name
- typo3/cms-core
- Purl
- pkg:composer/typo3/cms-core