Description

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.

Remediation

References

CVE-2012-6144

Related Vulnerabilities

MediaWiki Improper Input Validation Vulnerability (CVE-2020-35477)

WordPress Plugin Wholesale Market for WooCommerce Arbitrary File Download (1.0.7)

Drupal Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2013-6385)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1000170)

WordPress Plugin Elementor Website Builder Cross-Site Scripting (2.7.5)

Severity

Medium

Classification

CVE-2012-6144 CWE-138

Tags

Missing Update Known Vulnerabilities