TYPO3 Flat Manager Unspecified SQL Injection Vulnerability

Bugtraq ID:	69561
Class:	Input Validation Error
CVE:	CVE-2014-6233
Remote:	Yes
Local:	No
Published:	Sep 02 2014 12:00AM
Updated:	Sep 05 2014 12:25AM
Credit:	Ingo Schmitt
Vulnerable:	Typo3 Flat Manager 1.9.18 Typo3 Flat Manager 1.9.16 Typo3 Flat Manager 1.9.15
Not Vulnerable:

TYPO3 Flat Manager Unspecified SQL Injection Vulnerability

TYPO3 Flat Manager ('flatmgr') extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Flat Manager 2.7.9 and prior are vulnerable.

TYPO3 Flat Manager Unspecified SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

TYPO3 Flat Manager Unspecified SQL Injection Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

TYPO3 Flat Manager Unspecified SQL Injection Vulnerability

References:

• TYPO3 Homepage (TYPO3)