SQL Injection Vulnerability in TYPO3 Category-System Extension
CVE-2012-1072

Currently unrated

Key Information:

Vendor: Typo3
Status: Toi Category
Vendor: CVE Published:; 14 February 2012

What is CVE-2012-1072?

A SQL injection vulnerability exists in the Category-System extension for TYPO3, specifically in version 0.6.0 and earlier. This flaw allows remote attackers to execute arbitrary SQL commands through undisclosed methods, potentially leading to unauthorized data access or manipulation. It is crucial for administrators using the affected extension to apply security updates and implement best practices to mitigate the risk associated with this vulnerability.

References

http://typo3.org/teams/security/security-bulletins/typo3-...

x_refsource_MISC

http://www.securityfocus.com/bid/51834

vdb-entryx_refsource_BID

http://osvdb.org/78785

vdb-entryx_refsource_OSVDB

Timeline

Vulnerability published
Feb 14, 2012
Vulnerability Reserved
Feb 14, 2012

Typo3

What is CVE-2012-1072?

References

Timeline