Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
TYPO3 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2009-4855 - Vulnerability Database
TYPO3

TYPO3 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2009-4855

High
Reference: CVE-2009-4855
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2009-4855
Title: TYPO3 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

DISPUTED SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report stating that quotthere is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.quot