SQL Injection Vulnerability in TYPO3 by TYPO3 CMS
CVE-2010-3662

8.8HIGH

Key Information:

Vendor

Typo3

Status
Typo3
Vendor
CVE Published:
4 November 2019

What is CVE-2010-3662?

The TYPO3 CMS prior to version 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4, and 4.4.x before 4.4.1 is susceptible to SQL Injection attacks through the backend interface. This vulnerability enables authenticated users to manipulate database queries, potentially leading to unauthorized access to sensitive data or even complete system compromise. It is crucial for users of affected versions to update their systems and apply necessary security patches promptly to mitigate this risk.

References

https://security-tracker.debian.org/tracker/CVE-2010-3662
x_refsource_MISC
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
x_refsource_MISC
https://typo3.org/security/advisory/typo3-sa-2010-012/#SQ...
x_refsource_CONFIRM

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.