CVE-2008-4658

Description

SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Related CPE's

atypo3typo3********

atypo3jobcontrol1.0.0*******

vulnerable

atypo3jobcontrol1.0.1*******

vulnerable

atypo3jobcontrol1.1*******

vulnerable

atypo3jobcontrol1.8*******

vulnerable

atypo3jobcontrol1.5*******

vulnerable

atypo3jobcontrol1.9.4*******

vulnerable

atypo3jobcontrol1.10.0*******

vulnerable

atypo3jobcontrol1.11.2*******

vulnerable

atypo3jobcontrol1.12.0*******

vulnerable

References

31840

Patch

http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/

PatchVendor Advisory

32342

Vendor Advisory

http://typo3.org/extensions/repository/view/dmmjobcontrol/1.15.5/

Patch

ADV-2008-2870

CvssV3 impact

Could not find any metrics

CvssV2 impact

Version

2.0

VectorString

AV:N/AC:L/Au:N/C:P/I:P/A:P

AccessVector

NETWORK

AccessComplexity

LOW

Authentication

NONE

ConfidentialityImpact

PARTIAL

IntegrityImpact

PARTIAL

AvailabilityImpact

PARTIAL

BaseScore

7.5

Created by Yello
About Severity.io