CVE-2012-6144

EPSS 0.60%

typo3-src - several

Published: 5/17/2022Modified: 3/9/2026

Description

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability.

Affected packages (2)

Debian/typo3-srcfrom 0, < 4.3.9+dfsg1-1+squeeze7
Packagist/typo3/cms>= 4.5.0, < 4.5.21

References (4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-6144
WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/79964
WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005
WEBhttp://www.openwall.com/lists/oss-security/2013/06/19/4