TYPO3 wt_directory Extension Unspecified SQL Injection Vulnerability
BID:69568
CVE-2014-6241 |Info
TYPO3 wt_directory Extension Unspecified SQL Injection Vulnerability
| Bugtraq ID: | 69568 |
| Class: | Input Validation Error |
| CVE: |
CVE-2014-6241 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 02 2014 12:00AM |
| Updated: | Sep 05 2014 12:25AM |
| Credit: | Marc Bastian Heinrichs |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
TYPO3 wt_directory Extension Unspecified SQL Injection Vulnerability
The wt_directory extension for TYPO3 is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
wt_directory 1.4.0 and prior are vulnerable.
The wt_directory extension for TYPO3 is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
wt_directory 1.4.0 and prior are vulnerable.
Exploit / POC
TYPO3 wt_directory Extension Unspecified SQL Injection Vulnerability
An attacker can exploit this issue using a web browser.
An attacker can exploit this issue using a web browser.
Solution / Fix
TYPO3 wt_directory Extension Unspecified SQL Injection Vulnerability
Solution:
Updates are available. Please see the references or vendor advisory for more information.
Solution:
Updates are available. Please see the references or vendor advisory for more information.
References
TYPO3 wt_directory Extension Unspecified SQL Injection Vulnerability
References:
References:
- TYPO3 Homepage (TYPO3)