Description

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

Remediation

References

CVE-2012-1607

Related Vulnerabilities

WordPress Plugin Slimstat Analytics Cross-Site Scripting (4.8)

WordPress Plugin 2kb Amazon Affiliates Store Cross-Site Scripting (2.1.0)

WordPress Plugin Wordfence Security-Firewall & Malware Scan Cross-Site Scripting (3.8.1)

osTicket Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-30082)

WordPress Plugin Affiliates Manager SQL Injection (2.8.6)

Severity

Medium

Classification

CVE-2012-1607 CWE-200

Tags

Missing Update Known Vulnerabilities