CVE-2011-3583

CVE-2011-3583

EPSS 1.4%

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.

Affected products

TYPO3 Core · TYPO3 Core

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/security/cve/cve-2011-3583 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682 https://security-tracker.debian.org/tracker/CVE-2011-3583 https://typo3.org/security/advisory/typo3-core-sa-2011-002/