CVE-2010-5104
published 2012-05-21

Priority: P4 · 20 · medium · 4.3 · CVSS 2.0
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS: 1.67% (73.8th percentile)

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.

Affected

32 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| typo3 | cms-core | >= 4.2.0 < 4.2.16 | 4.2.16 |
| typo3 | cms-core | >= 4.3.0 < 4.3.9 | 4.3.9 |
| typo3 | cms-core | >= 4.4.0 < 4.4.5 | 4.4.5 |
| typo3 | typo3 | (22 entries, no version range shown) | |