TYPO3 Address visualization with Google Maps Unspecified SQL Injection Vulnerability
BID:69564
CVE-2014-6239 |Info
TYPO3 Address visualization with Google Maps Unspecified SQL Injection Vulnerability
| Bugtraq ID: | 69564 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-6239 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 02 2014 12:00AM |
| Updated: | Sep 05 2014 12:05AM |
| Credit: | Marc Bastian Heinrichs |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
TYPO3 Address visualization with Google Maps Unspecified SQL Injection Vulnerability
Address visualization with Google Maps extension for TYPO3 is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Address visualization with Google Maps 0.3.5 and prior are vulnerable.
Address visualization with Google Maps extension for TYPO3 is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Address visualization with Google Maps 0.3.5 and prior are vulnerable.
Exploit / POC
TYPO3 Address visualization with Google Maps Unspecified SQL Injection Vulnerability
An attacker can exploit this issue using a web browser.
An attacker can exploit this issue using a web browser.
Solution / Fix
TYPO3 Address visualization with Google Maps Unspecified SQL Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
TYPO3 Address visualization with Google Maps Unspecified SQL Injection Vulnerability
References:
References:
- TYPO3 Homepage (TYPO3)