TYPO3 Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability - CVE-2012-6144
SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21 4.6.x before 4.6.14 and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.