SQL Injection in Commerce Extension for TYPO3
CVE-2008-5609

Currently unrated

Key Information:

Vendor: Typo3

CVE Published: 17 December 2008

What is CVE-2008-5609?

A SQL injection vulnerability exists in the Commerce extension for TYPO3, specifically impacting versions 0.9.6 and earlier. This flaw allows remote attackers to craft malicious SQL queries that can be executed against the database, potentially leading to unauthorized data access and manipulation. The issue arises from insufficient validation of user input, enabling attackers to exploit the application through various vectors. Remediation involves upgrading to a secure version of the Commerce extension to prevent exploitation.
