CVE-2010-5103SQL Injection in CMS

CWE-89SQL Injection4 documents4 sources
Severity
6.0MEDIUMNVD
EPSS
0.7%
top 29.08%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Typo3 CMSTypo3
Timeline
PublishedMay 21
Latest updateMay 17

Description

SQL injection vulnerability in the list module in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 allows remote authenticated users with certain permissions to execute arbitrary SQL commands via unspecified vectors.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 6.8 | Impact: 6.4

Affected Packages2 packages

Packagisttypo3/cms4.2.04.2.16+2
NVDtypo3/typo329 versions+28

🔴Vulnerability Details

3
OSV
TYPO3 SQL Injection vulnerability2022-05-17
GHSA
TYPO3 SQL Injection vulnerability2022-05-17
CVEList
CVE-2010-5103: SQL injection vulnerability in the list module in TYPO3 42012-05-21
CVE-2010-5103 — SQL Injection in Typo3 CMS | cvebase