CVE-2012-1607
EPSS 0.70%TYPO3 allows remote attackers to obtain the database name via a direct request
Published: 5/17/2022Modified: 4/12/2025
Also known as:GHSA-q68v-vcjg-r3vp
Description
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
Affected packages (1)
- Packagist/typo3/cms>= 4.4.0, <= 4.4.13
References (6)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-1607
- PATCHhttps://github.com/TYPO3/typo3
- WEBhttps://web.archive.org/web/20120426034517/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001
- WEBhttps://web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771
- WEBhttp://www.debian.org/security/2012/dsa-2445
- WEBhttp://www.openwall.com/lists/oss-security/2012/03/30/4