Description

SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Remediation

References

CVE-2007-6381

Related Vulnerabilities

WordPress Plugin Easy Accordion-Best Accordion FAQ Cross-Site Scripting (2.0.21)

ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2024-7658)

Envoy Proxy CVE-2023-27496 Vulnerability (CVE-2023-27496)

Oracle JRE Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2013-4578)

Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7871)

Severity

Medium

Classification

CVE-2007-6381 CWE-138

Tags

Missing Update Known Vulnerabilities