CVE-2012-6577

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2012-6577
SQL injection vulnerability in the Formhandler extension before 1.4.1 for TYPO3 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

6.0 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 6.8 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-012/ Vendor Advisory
http://typo3.org/extensions/repository/view/formhandler Patch Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/79670
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:typoheads:formhandler:0.9.4:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.5:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.13:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.14:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:*:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.10:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.11:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.12:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.16:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.9:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.15:*:*:*:*:*:*:*
cpe:2.3:a:typoheads:formhandler:0.9.8:*:*:*:*:*:*:*
cpe:2.3:a:typo3:typo3:-:*:*:*:*:*:*:*
Information

Published : 2013-06-27 13:55

Updated : 2017-08-28 18:32

NVD link : CVE-2012-6577

Mitre link : CVE-2012-6577

JSON object : View

CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

dedicated server usa
Products Affected

typo3

  • typo3

typoheads

  • formhandler