CVE-2011-3583

{"id": "CVE-2011-3583", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2019-11-26T00:15:11.093", "references": [{"url": "https://access.redhat.com/security/cve/cve-2011-3583", "tags": ["Broken Link"], "source": "secalert@redhat.com"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/cve-2011-3583", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://security-tracker.debian.org/tracker/CVE-2011-3583", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://typo3.org/security/advisory/typo3-core-sa-2011-002/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input."}, {"lang": "es", "value": "Se detect\u00f3 que Typo3 Core versiones 4.5.0 hasta 4.5.5 utiliza sentencias preparadas que, si los valores de los par\u00e1metros no se reemplazan apropiadamente, podr\u00edan generar una vulnerabilidad de Inyecci\u00f3n SQL. Este problema solo puede ser explotado si dos o m\u00e1s par\u00e1metros est\u00e1n vinculados a la consulta y al menos dos provienen desde la entrada del usuario."}], "lastModified": "2024-11-21T01:30:47.803", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10811F0A-7CE1-4190-81C6-4AE3CF9797E6", "versionEndIncluding": "4.5.5", "versionStartIncluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}