Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05NDdtLXZncWMteDZ2NM4AAZ8M
Typo3 Backend History Module Vulnerable to SQL Injection
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 Due to missing encoding of user input, the history module is susceptible to SQL Injection and Cross-Site Scripting. A valid backend login is required to exploit this vulnerability.
Permalink: https://github.com/advisories/GHSA-947m-vgqc-x6v4JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05NDdtLXZncWMteDZ2NM4AAZ8M
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: 4 months ago
Identifiers: GHSA-947m-vgqc-x6v4, CVE-2012-6144
References:
- https://nvd.nist.gov/vuln/detail/CVE-2012-6144
- https://exchange.xforce.ibmcloud.com/vulnerabilities/79964
- http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
- http://www.openwall.com/lists/oss-security/2013/06/19/4
- https://github.com/advisories/GHSA-947m-vgqc-x6v4
Affected Packages
packagist:typo3/cms
Dependent packages: 376Dependent repositories: 407
Downloads: 1,858,525 total
Affected Version Ranges: >= 4.7.0, <= 4.7.5, >= 4.6.0, <= 4.6.13, >= 4.5.0, <= 4.5.20
Fixed in: 4.7.6, 4.6.14, 4.5.21
All affected versions:
All unaffected versions: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.2.14, 6.2.15, 6.2.16, 6.2.17, 6.2.18, 6.2.19, 6.2.20, 6.2.21, 6.2.22, 6.2.23, 6.2.24, 6.2.25, 6.2.26, 6.2.27, 6.2.28, 6.2.29, 6.2.30, 6.2.31, 7.0.0, 7.0.1, 7.0.2, 7.1.0, 7.2.0, 7.3.0, 7.3.1, 7.4.0, 7.5.0, 7.6.0, 7.6.1, 7.6.2, 7.6.3, 7.6.4, 7.6.5, 7.6.6, 7.6.7, 7.6.8, 7.6.9, 7.6.10, 7.6.11, 7.6.12, 7.6.13, 7.6.14, 7.6.15, 7.6.16, 7.6.17, 7.6.18, 7.6.19, 7.6.20, 7.6.21, 7.6.22, 7.6.23, 7.6.24, 7.6.25, 7.6.26, 7.6.27, 7.6.28, 7.6.29, 7.6.30, 7.6.31, 7.6.32, 8.0.0, 8.0.1, 8.1.0, 8.1.1, 8.1.2, 8.2.0, 8.2.1, 8.3.0, 8.3.1, 8.4.0, 8.4.1, 8.5.0, 8.5.1, 8.6.0, 8.6.1, 8.7.0, 8.7.1, 8.7.2, 8.7.3, 8.7.4, 8.7.5, 8.7.6, 8.7.7, 8.7.8, 8.7.9, 8.7.10, 8.7.11, 8.7.12, 8.7.13, 8.7.14, 8.7.15, 8.7.16, 8.7.17, 8.7.18, 8.7.19, 8.7.20, 8.7.21, 8.7.22, 8.7.23, 8.7.24, 8.7.25, 8.7.26, 8.7.27, 8.7.28, 8.7.29, 8.7.30, 8.7.31, 8.7.32, 9.0.0, 9.1.0, 9.2.0, 9.2.1, 9.3.0, 9.3.1, 9.3.2, 9.3.3, 9.4.0, 9.5.0, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 9.5.5, 9.5.6, 9.5.7, 9.5.8, 9.5.9, 9.5.10, 9.5.11, 9.5.12, 9.5.13, 9.5.14, 9.5.15, 9.5.16, 9.5.17, 9.5.18, 9.5.19, 9.5.20, 9.5.21, 9.5.22, 9.5.23, 9.5.24, 9.5.25, 9.5.26, 9.5.27, 9.5.28, 9.5.29, 9.5.30, 9.5.31, 10.0.0, 10.1.0, 10.2.0, 10.2.1, 10.2.2, 10.3.0, 10.4.0, 10.4.1, 10.4.2, 10.4.3, 10.4.4, 10.4.5, 10.4.6, 10.4.7, 10.4.8, 10.4.9, 10.4.10, 10.4.11, 10.4.12, 10.4.13, 10.4.14, 10.4.15, 10.4.16, 10.4.17, 10.4.18, 10.4.19, 10.4.20, 10.4.21, 10.4.22, 10.4.23, 10.4.24, 10.4.25, 10.4.26, 10.4.27, 10.4.28, 10.4.29, 10.4.30, 10.4.31, 10.4.32, 10.4.33, 10.4.34, 10.4.35, 10.4.36, 10.4.37, 11.0.0, 11.1.0, 11.1.1, 11.2.0, 11.3.0, 11.3.1, 11.3.2, 11.3.3, 11.4.0, 11.5.0, 11.5.1, 11.5.2, 11.5.3, 11.5.4, 11.5.5, 11.5.6, 11.5.7, 11.5.8, 11.5.9, 11.5.10, 11.5.11, 11.5.12, 11.5.13, 11.5.14, 11.5.15, 11.5.16, 11.5.17, 11.5.18, 11.5.19, 11.5.20, 11.5.21, 11.5.22, 11.5.23, 11.5.24, 11.5.25, 11.5.26, 11.5.27, 11.5.28, 11.5.29, 11.5.30, 11.5.31, 11.5.32, 11.5.33, 11.5.34, 11.5.35, 11.5.36, 12.0.0, 12.1.0, 12.1.1, 12.1.2, 12.1.3, 12.2.0, 12.3.0, 12.4.0, 12.4.1, 12.4.2, 12.4.3, 12.4.4, 12.4.5, 12.4.6, 12.4.7, 12.4.8, 12.4.9, 12.4.10, 12.4.11, 12.4.12, 12.4.13, 12.4.14, 13.0.0, 13.0.1, 13.1.0