Arbitrary SQL Command Execution in TYPO3 Backend History Module

Arbitrary SQL Command Execution in TYPO3 Backend History Module

CVE-2012-6144 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.

Learn more about our User Device Pen Test.