TYPO3 Branchenbuch Extension Unspecified SQL Injection Vulnerability
BID:30045
Info
| Bugtraq ID: | 30045 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jun 01 2008 12:00AM |
| Updated: | Jul 03 2008 05:30PM |
| Credit: | Georg Ringer |
| Vulnerable: | Typo3 Branchenbuch 0.8.1 |
| Not Vulnerable: | Typo3 Branchenbuch 0.8.2 |
Discussion
The TYPO3 Branchenbuch extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Few details regarding this vulnerability are available; we will update this BID when more information emerges.
Versions up to and including TYPO3 Branchenbuch 0.8.1 are vulnerable.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
The vendor has released an update. Please see the references for more information.
References
References:
- Synnefoims Homepage (synnefoims)
- TYPO3 Branchenbuch (TYPO3)
- TYPO3 Collective Security Bulletin TYPO3-20080701-1: Several vulnerabilities in (TYPO3)