TYPO3 My quiz and poll Extension CVE-2013-4745 Unspecified SQL-Injection Vulnerability
BID:58057
Info
TYPO3 My quiz and poll Extension CVE-2013-4745 Unspecified SQL-Injection Vulnerability
| Bugtraq ID: | 58057 |
| Class: | Input Validation Error |
| CVE: |
CVE-2013-4745 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 19 2013 12:00AM |
| Updated: | Jul 03 2013 08:31PM |
| Credit: | Roberto Presedo |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
TYPO3 My quiz and poll Extension CVE-2013-4745 Unspecified SQL-Injection Vulnerability
My quiz and poll extension for TYPO3 is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
Note: The issue described by CVE-2013-4746 has been moved to BID 60939 (TYPO3 My quiz and poll Extension CVE-2013-4746 Unspecified Cross Site Scripting Vulnerability) for better documentation.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
My quiz and poll 2.0.0 and prior are vulnerable.
My quiz and poll extension for TYPO3 is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
Note: The issue described by CVE-2013-4746 has been moved to BID 60939 (TYPO3 My quiz and poll Extension CVE-2013-4746 Unspecified Cross Site Scripting Vulnerability) for better documentation.
A successful exploit may allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
My quiz and poll 2.0.0 and prior are vulnerable.
Exploit / POC
TYPO3 My quiz and poll Extension CVE-2013-4745 Unspecified SQL-Injection Vulnerability
An attacker can exploit this issue using a web browser.
An attacker can exploit this issue using a web browser.
Solution / Fix
TYPO3 My quiz and poll Extension CVE-2013-4745 Unspecified SQL-Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
TYPO3 My quiz and poll Extension CVE-2013-4745 Unspecified SQL-Injection Vulnerability
References:
References:
- TYPO3 Homepage (TYPO3)