CVE-2013-1842: SQL Injection
First published: Wed Mar 20 2013(Updated: )
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/typo3/cms-core | >=6.0.0<6.0.3 | 6.0.3 |
| composer/typo3/cms-core | >=4.7.0<4.7.9 | 4.7.9 |
| composer/typo3/cms-core | >=4.6.0<4.6.17 | 4.6.17 |
| composer/typo3/cms-core | >=4.5.0<=4.5.23 | 4.5.24 |
| TYPO3 | =4.5 | |
| TYPO3 | =4.5.0 | |
| TYPO3 | =4.5.1 | |
| TYPO3 | =4.5.2 | |
| TYPO3 | =4.5.3 | |
| TYPO3 | =4.5.4 | |
| TYPO3 | =4.5.5 | |
| TYPO3 | =4.5.6 | |
| TYPO3 | =4.5.7 | |
| TYPO3 | =4.5.8 | |
| TYPO3 | =4.5.9 | |
| TYPO3 | =4.5.10 | |
| TYPO3 | =4.5.11 | |
| TYPO3 | =4.5.12 | |
| TYPO3 | =4.5.13 | |
| TYPO3 | =4.5.14 | |
| TYPO3 | =4.5.15 | |
| TYPO3 | =4.5.16 | |
| TYPO3 | =4.5.17 | |
| TYPO3 | =4.5.18 | |
| TYPO3 | =4.5.19 | |
| TYPO3 | =4.5.22 | |
| TYPO3 | =4.5.23 | |
| TYPO3 | =4.6 | |
| TYPO3 | =4.6.0 | |
| TYPO3 | =4.6.1 | |
| TYPO3 | =4.6.2 | |
| TYPO3 | =4.6.3 | |
| TYPO3 | =4.6.4 | |
| TYPO3 | =4.6.5 | |
| TYPO3 | =4.6.6 | |
| TYPO3 | =4.6.7 | |
| TYPO3 | =4.6.8 | |
| TYPO3 | =4.6.9 | |
| TYPO3 | =4.6.10 | |
| TYPO3 | =4.6.11 | |
| TYPO3 | =4.6.12 | |
| TYPO3 | =4.6.13 | |
| TYPO3 | =4.6.14 | |
| TYPO3 | =4.6.15 | |
| TYPO3 | =4.6.16 | |
| TYPO3 | =4.7 | |
| TYPO3 | =4.7.0 | |
| TYPO3 | =4.7.1 | |
| TYPO3 | =4.7.2 | |
| TYPO3 | =4.7.3 | |
| TYPO3 | =4.7.4 | |
| TYPO3 | =4.7.5 | |
| TYPO3 | =4.7.6 | |
| TYPO3 | =4.7.7 | |
| TYPO3 | =4.7.8 | |
| TYPO3 | =6.0 | |
| TYPO3 | =6.0.1 | |
| TYPO3 | =6.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-updates/2013-03/msg00079.html
- http://osvdb.org/90925
- http://secunia.com/advisories/52433
- http://secunia.com/advisories/52638
- http://typo3.org/support/teamssecuritysecurity-bulletins/security-bulletins-single-view/article/sql-injection-and-open-redirection-in-typo3-core/
- http://www.debian.org/security/2013/dsa-2646
- http://www.openwall.com/lists/oss-security/2013/03/12/3
- http://www.securityfocus.com/bid/58330
Frequently Asked Questions
What is the severity of CVE-2013-1842?
CVE-2013-1842 is a critical SQL injection vulnerability that enables remote attackers to execute arbitrary SQL commands.
How do I fix CVE-2013-1842?
To fix CVE-2013-1842, upgrade TYPO3 to versions 6.0.3, 4.7.9, 4.6.17, or 4.5.24 or later.
Which TYPO3 versions are affected by CVE-2013-1842?
CVE-2013-1842 affects TYPO3 versions 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3.
Can CVE-2013-1842 lead to data breaches?
Yes, CVE-2013-1842 can lead to unauthorized access to the database, potentially resulting in data breaches.
Is CVE-2013-1842 unique to TYPO3 or common in other systems?
While CVE-2013-1842 is specific to TYPO3, SQL injection vulnerabilities are commonly found in various web applications.
- collector/github-advisory-latest
- alias/GHSA-m64j-j252-jxmr
- alias/CVE-2013-1842
- collector/github-advisory
- agent/author
- agent/type
- agent/references
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/trending
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-index
- package-manager/composer
- vendor/typo3
- canonical/typo3 typo3
- version/typo3 typo3/4.5
- version/typo3 typo3/4.5.0
- version/typo3 typo3/4.5.1
- version/typo3 typo3/4.5.2
- version/typo3 typo3/4.5.3
- version/typo3 typo3/4.5.4
- version/typo3 typo3/4.5.5
- version/typo3 typo3/4.5.6
- version/typo3 typo3/4.5.7
- version/typo3 typo3/4.5.8
- version/typo3 typo3/4.5.9
- version/typo3 typo3/4.5.10
- version/typo3 typo3/4.5.11
- version/typo3 typo3/4.5.12
- version/typo3 typo3/4.5.13
- version/typo3 typo3/4.5.14
- version/typo3 typo3/4.5.15
- version/typo3 typo3/4.5.16
- version/typo3 typo3/4.5.17
- version/typo3 typo3/4.5.18
- version/typo3 typo3/4.5.19
- version/typo3 typo3/4.5.22
- version/typo3 typo3/4.5.23
- version/typo3 typo3/4.6
- version/typo3 typo3/4.6.0
- version/typo3 typo3/4.6.1
- version/typo3 typo3/4.6.2
- version/typo3 typo3/4.6.3
- version/typo3 typo3/4.6.4
- version/typo3 typo3/4.6.5
- version/typo3 typo3/4.6.6
- version/typo3 typo3/4.6.7
- version/typo3 typo3/4.6.8
- version/typo3 typo3/4.6.9
- version/typo3 typo3/4.6.10
- version/typo3 typo3/4.6.11
- version/typo3 typo3/4.6.12
- version/typo3 typo3/4.6.13
- version/typo3 typo3/4.6.14
- version/typo3 typo3/4.6.15
- version/typo3 typo3/4.6.16
- version/typo3 typo3/4.7
- version/typo3 typo3/4.7.0
- version/typo3 typo3/4.7.1
- version/typo3 typo3/4.7.2
- version/typo3 typo3/4.7.3
- version/typo3 typo3/4.7.4
- version/typo3 typo3/4.7.5
- version/typo3 typo3/4.7.6
- version/typo3 typo3/4.7.7
- version/typo3 typo3/4.7.8
- version/typo3 typo3/6.0
- version/typo3 typo3/6.0.1
- version/typo3 typo3/6.0.2