Vulnerability Name: | CVE-2007-6381 (CCN-39017) | ||||||||||||
Assigned: | 2007-12-10 | ||||||||||||
Published: | 2007-12-10 | ||||||||||||
Updated: | 2017-08-08 | ||||||||||||
Summary: | SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | ||||||||||||
CVSS v3 Severity: | 5.5 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L)
| ||||||||||||
CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 5.7 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
5.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C)
| ||||||||||||
Vulnerability Type: | CWE-89 | ||||||||||||
Vulnerability Consequences: | Data Manipulation | ||||||||||||
References: | Source: MISC Type: UNKNOWN http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446 Source: MITRE Type: CNA CVE-2007-6381 Source: OSVDB Type: UNKNOWN 39506 Source: CCN Type: SA27969 TYPO3 "indexed_search" SQL Injection Vulnerability Source: SECUNIA Type: UNKNOWN 27969 Source: SECUNIA Type: UNKNOWN 28243 Source: CCN Type: SECTRACK ID: 1019146 TYPO3 Input Validation Flaw in indexed_search Lets Remote Authenticated Users Inject SQL Commands Source: SECTRACK Type: UNKNOWN 1019146 Source: CCN Type: 20071210-1 SQL Injection in system extension indexed_search Source: CONFIRM Type: Patch http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/ Source: DEBIAN Type: UNKNOWN DSA-1439 Source: DEBIAN Type: DSA-1439 typo3-src -- missing input sanitising Source: CCN Type: OSVDB ID: 39506 TYPO3 indexed_search System Extension SQL Injection Source: BID Type: UNKNOWN 26871 Source: CCN Type: BID-26871 TYPO3 'indexed_search' Extension SQL Injection Vulnerability Source: VUPEN Type: UNKNOWN ADV-2007-4205 Source: XF Type: UNKNOWN typo3-indexedsearch-sql-injection(39017) Source: XF Type: UNKNOWN typo3-indexedsearch-sql-injection(39017) | ||||||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||||||
Oval Definitions | |||||||||||||
| |||||||||||||
BACK |