CVE-2008-4655

Description

SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Related CPE's

atypo3typo3********

atypo3simplesurvey********

vulnerable

atypo3simplesurvey1.4.0*******

vulnerable

atypo3simplesurvey1.3.1*******

vulnerable

atypo3simplesurvey1.1.1*******

vulnerable

atypo3simplesurvey1.1.0*******

vulnerable

atypo3simplesurvey1.5.3*******

vulnerable

atypo3simplesurvey1.5.2*******

vulnerable

atypo3simplesurvey1.2.4*******

vulnerable

atypo3simplesurvey1.2.3*******

vulnerable

References

http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/

Patch

32369

Vendor Advisory

http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/

Patch

ADV-2008-2870

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

7.5

Created by Yello
About Severity.io