Description
** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core."
Remediation
References
Related Vulnerabilities
WordPress Plugin Lim4wp 'upload.php' Arbitrary File Upload (1.1.1)
ZenCart Improper Input Validation Vulnerability (CVE-2009-4321)
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.12)
WordPress 3.3 Cross-Site Scripting Vulnerability (3.3)
WordPress Plugin Calculated Fields Form Cross-Site Scripting (1.0.81)