Vulnerability Details CVE-2011-3583
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://access.redhat.com/security/cve/cve-2011-3583
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682
- https://security-tracker.debian.org/tracker/CVE-2011-3583
- https://typo3.org/security/advisory/typo3-core-sa-2011-002/
- https://access.redhat.com/security/cve/cve-2011-3583
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682
- https://security-tracker.debian.org/tracker/CVE-2011-3583
- https://typo3.org/security/advisory/typo3-core-sa-2011-002/
Products affected by CVE-2011-3583
-
cpe:2.3:a:typo3:typo3:4.5.0
-
cpe:2.3:a:typo3:typo3:4.5.1
-
cpe:2.3:a:typo3:typo3:4.5.2
-
cpe:2.3:a:typo3:typo3:4.5.3
-
cpe:2.3:a:typo3:typo3:4.5.4
-
cpe:2.3:a:typo3:typo3:4.5.5