TYPO3 SQL Frontend Extension Unspecified SQL Injection and Denial of Service Vulnerabilities
BID:30051
Info
| Bugtraq ID: | 30051 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3052 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 01 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Maximilian Gaukler, Frederic Gaus and Marcus Krause |
| Vulnerable: | Typo3 SQL Frontend 1.0.11 |
| Not Vulnerable: | Typo3 SQL Frontend 1.0.12 |
Discussion
The SQL Frontend extension for TYPO3 is prone to an unspecified SQL-injection issue and an unspecified denial-of-service issue because it fails to sufficiently sanitize user-supplied data.
Exploiting the SQL-injection issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploiting the denial-of-service issue could prevent legitimate use of the application.
Few details regarding these vulnerabilities are available; we will update this BID when more information emerges.
Versions up to and including SQL Frontend 1.0.11 are vulnerable.
Exploit / POC
Attackers will likely use a browser to exploit these issues.
Solution / Fix
Solution:
The vendor has released fixes. Please see the references for more information.
References
References:
- Synnefoims Homepage (synnefoims)
- TYPO3 SQL Frontend (TYPO3)
- TYPO3 Collective Security Bulletin TYPO3-20080701-1: Several vulnerabilities in (TYPO3)