Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
TYPO3 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2011-3583 - Vulnerability Database
TYPO3

TYPO3 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2011-3583

Critical
Reference: CVE-2011-3583
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2011-3583
Title: TYPO3 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Overview:

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that if the parameter values are not properly replaced could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.