Description
The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
Remediation
References
Related Vulnerabilities
MediaWiki Incorrect Authorization Vulnerability (CVE-2021-36132)
Oracle JRE CVE-2020-2593 Vulnerability (CVE-2020-2593)
WordPress Plugin InfiniteWP Client Security Bypass (1.9.4.4)
WordPress Plugin Gift Certificate Creator Cross-Site Scripting (1.0.0)
WordPress Plugin Newsletter-Send awesome emails from WordPress Multiple Vulnerabilities (6.8.1)