First published: Mon Nov 25 2019
It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
composer/typo3/cms | >=4.5.0 <=4.5.5 | |
Typo3 Typo3 | >=4.5.0 <=4.5.5 | |
debian/typo3-src |
CVE-2011-3583 is a SQL Injection vulnerability in Typo3 Core versions 4.5.0 - 4.5.5.
CVE-2011-3583 stems from the way Typo3 uses prepared statements: when parameter values are not properly replaced, an attacker can inject malicious SQL code.
CVE-2011-3583 has a severity rating of 9.8 out of 10, making it critical.
Typo3 Core versions 4.5.0 - 4.5.5 are affected by CVE-2011-3583.
Update Typo3 Core to a version beyond 4.5.5 to fix CVE-2011-3583.
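
The condition in the description (two or more bound parameters, at least two from user input) matches a known failure mode of prepared statements that are emulated by text substitution. The following is an added example, not Typo3 code and not taken from the advisory: it assumes placeholders are replaced one parameter at a time, and every function name, the query and the sample values are constructed for illustration.

```php
<?php
// Added illustration: a simplified model of client-side placeholder
// replacement. This is not TYPO3 source code; all names are hypothetical.

function quoteValue(string $value): string
{
    // Standard SQL quoting: double any embedded single quote.
    return "'" . str_replace("'", "''", $value) . "'";
}

// Flawed: one str_replace() pass per parameter. Each later pass also
// scans the values that earlier passes already inserted into the query.
function bindSequential(string $sql, array $params): string
{
    foreach ($params as $name => $value) {
        $sql = str_replace($name, quoteValue($value), $sql);
    }
    return $sql;
}

// Hardened: the template is scanned exactly once, so inserted values are
// never rescanned for placeholder names. Unbound placeholders are rejected.
function bindSinglePass(string $sql, array $params): string
{
    return preg_replace_callback(
        '/:[A-Za-z_][A-Za-z0-9_]*/',
        function (array $m) use ($params): string {
            if (!array_key_exists($m[0], $params)) {
                throw new InvalidArgumentException("Unbound placeholder {$m[0]}");
            }
            return quoteValue((string) $params[$m[0]]);
        },
        $sql
    );
}

// Constructed sample: both values are user input, and the first one
// happens to contain the name of the second placeholder.
$sql    = 'SELECT uid FROM pages WHERE title = :title AND author = :author';
$params = [':title' => 'notes on :author', ':author' => "O'Brien"];

echo bindSequential($sql, $params), PHP_EOL;
echo bindSinglePass($sql, $params), PHP_EOL;
```

In the sequential result the second value is substituted inside the first value's quoted literal, so its own quotes end that literal early; the single-pass result keeps both values as intact literals.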