~ubuntu-security/ubuntu-cve-tracker/master

Candidate: CVE-2010-5104
PublicDate: 2012-05-21
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-5104
 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/
Description:
 The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before
 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL
 database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote
 attackers to obtain sensitive information via wildcard characters in a LIKE
 query.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607286
Priority: medium
Discovered-by:
Assigned-to:

Patches_typo3-src:
upstream_typo3-src: released (4.3.9,4.4.5)
hardy_typo3-src: ignored (reached end-of-life)
lucid_typo3-src: ignored (reached end-of-life)
natty_typo3-src: not-affected (4.3.9+dfsg1-1)
oneiric_typo3-src: not-affected
precise_typo3-src: not-affected
quantal_typo3-src: not-affected
raring_typo3-src: not-affected
saucy_typo3-src: not-affected
devel_typo3-src: not-affected