CVE-2011-3583

Summary

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.

Affected Software

VendorProductVersion RangeStatus
TYPO3 CoreTYPO3 Core4.5.0 - 4.5.5affected

Weaknesses

  • SQL Injection

ADP Enrichment

CVE Program Container

Additional References

References