Lucene search

[email protected]NVD:CVE-2015-4610

HistoryJun 16, 2015 - 4:59 p.m.

CVE-2015-4610

2015-06-1616:59:08

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.001

Percentile

46.3%

JSON

SQL injection vulnerability in the Store Locator (locator) extension before 3.3.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

Nvd

Node

store_locator_projectstore_locatorRange≤3.3.0typo3

VendorProductVersionCPE
store_locator_projectstore_locator*cpe:2.3:a:store_locator_project:store_locator:*:*:*:*:*:typo3:*:*

Vendor	Product	Version	CPE
store_locator_project	store_locator	*	cpe:2.3:a:store_locator_project:store_locator::::::typo3::*

References

typo3.org/extensions/repository/view/locator

typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2015-009/

www.securityfocus.com/bid/75262

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.001

Percentile

46.3%

JSON

Related for NVD:CVE-2015-4610

cve1 prion1 cvelist1