SQL Injection Vulnerability in Typo3 Core 4.5.0 - 4.5.5

SQL Injection Vulnerability in Typo3 Core 4.5.0 - 4.5.5

CVE-2011-3583 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.