CVE-2012-1607 — Sensitive Information Exposure in CMS

CWE-200 — Sensitive Information Exposure CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents6 sources

Severity

5.0MEDIUMNVD

CISA7.8

EPSS

0.7%

top 27.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Typo3 CMS Typo3

Timeline

PublishedSep 4

Latest updateMay 17

Description

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Packagisttypo3/cms4.4.0 — 4.4.13+2

▶NVDtypo3/typo340 versions+39

🔴Vulnerability Details

OSV

TYPO3 allows remote attackers to obtain the database name via a direct request↗2022-05-17

▶

GHSA

TYPO3 allows remote attackers to obtain the database name via a direct request↗2022-05-17

▶

CVEList

CVE-2012-1607: The Command Line Interface (CLI) script in TYPO3 4↗2012-09-04

▶

OSV

CVE-2012-1607: The Command Line Interface (CLI) script in TYPO3 4↗2012-09-04

▶

📋Vendor Advisories

CISA

Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability↗2022-03-03

▶

CISA

Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability↗2022-03-03

▶