CVE-2013-1842
HIGH 7.4 · EPSS 3.3% · typo3-src - several
Published: 2022/5/17 · Modified: 2026/3/9
Description
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."
Affected packages (2)
- Debian/typo3-src from 0, < 4.3.9+dfsg1-1+squeeze8
- Packagist/typo3/cms-core >= 4.5.0, < 4.5.24
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
References (10)
- ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-1842
- PATCH https://github.com/TYPO3-CMS/core
- WEB http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html
- WEB http://osvdb.org/90925
- WEB http://secunia.com/advisories/52433
- WEB http://secunia.com/advisories/52638
- WEB http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core
- WEB http://www.debian.org/security/2013/dsa-2646
- WEB http://www.openwall.com/lists/oss-security/2013/03/12/3
- WEB http://www.securityfocus.com/bid/58330