TYPO3 404 Error Page Handling (error_404_handling) Unspecified SQL Injection Vulnerability
BID:39476
Info
| Bugtraq ID: | 39476 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2010 12:00AM |
| Updated: | Apr 14 2010 12:00AM |
| Credit: | Frederic Gaus |
| Vulnerable: | Typo3 404 Error Page Handling 0.1.1 |
| Not Vulnerable: | |
Discussion
The 404 Error Page Handling (error_404_handling) extension for TYPO3 is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
404 Error Page Handling 0.1.1 and earlier are vulnerable.
NOTE: This extension is no longer being maintained.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].