Description

SQL injection vulnerability in the traditional frontend editing feature in the Frontend Editing subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to execute arbitrary SQL commands via unspecified parameters.

Remediation

References

CVE-2009-3632

Related Vulnerabilities

MySQL CVE-2019-2740 Vulnerability (CVE-2019-2740)

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2013-7288)

WordPress Plugin WP Data Access Privilege Escalation (5.3.7)

WordPress Plugin A. Gallery TimThumb Arbitrary File Upload (0.9rev378511)

ProjectSend Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-40886)

Severity

Medium

Classification

CVE-2009-3632 CWE-138

Tags

Missing Update Known Vulnerabilities