CVE-2011-3583
Description
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
CWE
- (none)
Affected
- TYPO3 Core / TYPO3 Core — v=4.5.0 - 4.5.5 [affected]
CVSS
- (none)
References
- https://security-tracker.debian.org/tracker/CVE-2011-3583 x_refsource_MISC
- https://access.redhat.com/security/cve/cve-2011-3583 x_refsource_MISC
- https://typo3.org/security/advisory/typo3-core-sa-2011-002/ x_refsource_MISC
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682 x_refsource_MISC
Source
cvelistV5-main/cves/2011/3xxx/CVE-2011-3583.json