TYPO3 Category System Extension Cross Site Scripting and SQL Injection Vulnerabilities
BID:51834
Info
TYPO3 Category System Extension Cross Site Scripting and SQL Injection Vulnerabilities
| Bugtraq ID: | 51834 |
| Class: | Input Validation Error |
| CVE: |
CVE-2012-1072 CVE-2012-1073 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 02 2012 12:00AM |
| Updated: | Feb 16 2012 05:50PM |
| Credit: | Georg Ringer |
| Vulnerable: |
Typo3 Category System 0.6.0 |
| Not Vulnerable: | |
Discussion
TYPO3 Category System Extension Cross Site Scripting and SQL Injection Vulnerabilities
TYPO3 Category System extension is prone to unspecified SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
TYPO3 Category System 0.6.0 and prior versions are vulnerable.
TYPO3 Category System extension is prone to unspecified SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
TYPO3 Category System 0.6.0 and prior versions are vulnerable.
Exploit / POC
TYPO3 Category System Extension Cross Site Scripting and SQL Injection Vulnerabilities
An attacker can exploit the SQL-injection issue with a browser. To exploit a cross-site scripting issue the attacker must entice an unsuspecting victim to follow a malicious URI.
An attacker can exploit the SQL-injection issue with a browser. To exploit a cross-site scripting issue the attacker must entice an unsuspecting victim to follow a malicious URI.
Solution / Fix
TYPO3 Category System Extension Cross Site Scripting and SQL Injection Vulnerabilities
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
TYPO3 Category System Extension Cross Site Scripting and SQL Injection Vulnerabilities
References:
References: