Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
osvGoogleOSV:DSA-2646-1
HistoryMar 15, 2013 - 12:00 a.m.

typo3-src - several

2013-03-1500:00:00
Google
osv.dev
18

EPSS

0.005

Percentile

76.5%

JSON

TYPO3, a PHP-based content management system, was found vulnerable to several vulnerabilities.

  • CVE-2013-1842
    Helmut Hummel and Markus Opahle discovered that the Extbase database layer
    was not correctly sanitizing user input when using the Query object model.
    This can lead to SQL injection by a malicious user inputing crafted
    relation values.
  • CVE-2013-1843
    Missing user input validation in the access tracking mechanism could lead
    to arbitrary URL redirection.

Note: the fix will break already published links. Upstream advisory
TYPO3-CORE-SA-2013-001
has more information on how to mitigate that.

For the stable distribution (squeeze), these problems have been fixed in
version 4.3.9+dfsg1-1+squeeze8.

For the testing distribution (wheezy), these problems have been fixed in
version 4.5.19+dfsg1-5.

For the unstable distribution (sid), these problems have been fixed in
version 4.5.19+dfsg1-5.

We recommend that you upgrade your typo3-src packages.

Related

openvas 3
securityvulns 2
nessus 2
debian 1
ubuntucve 2
cvelist 2
github 2
prion 2
osv 2
cve 2
nvd 2
openvas
openvas
Debian: Security Advisory (DSA-2646-1)
2013-03-14 00:00:00
Debian Security Advisory DSA 2646-1 (typo3-src - several vulnerabilities)
2013-03-15 00:00:00
TYPO3 Multiple Vulnerabilities (Mar 2013)
2014-01-03 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2646-1] typo3-src security update
2013-05-06 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2013-05-06 00:00:00
nessus
nessus
Debian DSA-2646-1 : typo3-src - several vulnerabilities
2013-03-17 00:00:00
openSUSE Security Update : typo3-cms-4_5/typo3-cms-4_6/typo3-cms-4_7 (openSUSE-SU-2013:0510-1)
2014-06-13 00:00:00
debian
debian
[SECURITY] [DSA 2646-1] typo3-src security update
2013-03-15 20:47:11
ubuntucve
ubuntucve
CVE-2013-1843
2013-03-20 00:00:00
CVE-2013-1842
2013-03-20 00:00:00
cvelist
cvelist
CVE-2013-1843
2013-03-20 15:00:00
CVE-2013-1842
2013-03-20 15:00:00
github
github
TYPO3 Open redirect vulnerability in the Access tracking mechanism
2022-05-17 05:08:47
TYPO3 SQL injection vulnerability in the Extbase Framework
2022-05-17 05:08:48
prion
prion
Open redirect
2013-03-20 15:55:00
Sql injection
2013-03-20 15:55:00
osv
osv
TYPO3 Open redirect vulnerability in the Access tracking mechanism
2022-05-17 05:08:47
TYPO3 SQL injection vulnerability in the Extbase Framework
2022-05-17 05:08:48
cve
cve
CVE-2013-1842
2013-03-20 15:55:00
CVE-2013-1843
2013-03-20 15:55:01
nvd
nvd
CVE-2013-1842
2013-03-20 15:55:00
CVE-2013-1843
2013-03-20 15:55:01

EPSS

0.005

Percentile

76.5%

JSON
Related for OSV:DSA-2646-1
openvas3securityvulns2nessus2debian1ubuntucve2cvelist2github2prion2osv2cve2nvd2