SQL Injection Vulnerability in TYPO3 Address Directory Extension by TYPO3
CVE-2008-3038

Currently unrated

Key Information:

Vendor: Typo3
Status: Address Directory
Vendor: CVE Published:; 7 July 2008

What is CVE-2008-3038?

A SQL injection vulnerability exists in the Address Directory extension for TYPO3, specifically in versions 0.2.10 and earlier. This flaw allows remote attackers to inject and execute arbitrary SQL commands on the server, potentially leading to unauthorized access, data leakage, or manipulation of the database. The vulnerability is triggered through unspecified vectors, making it crucial for TYPO3 users to secure their installations by updating to the latest version and applying necessary security patches.

References

http://typo3.org/teams/security/security-bulletins/typo3-...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/30049

vdb-entryx_refsource_BID

https://exchange.xforce.ibmcloud.com/vulnerabilities/43492

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Jul 7, 2008
Vulnerability Reserved
Jul 7, 2008

Typo3

What is CVE-2008-3038?

References

Timeline