CVE-2012-6144

描述

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability.

受影響套件(2)

• Debian/typo3-srcfrom 0, < 4.3.9+dfsg1-1+squeeze7
• Packagist/typo3/cms>= 4.5.0, < 4.5.21

參考連結(4)

• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2012-6144
• WEBhttps://exchange.xforce.ibmcloud.com/vulnerabilities/79964
• WEBhttp://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005
• WEBhttp://www.openwall.com/lists/oss-security/2013/06/19/4