[typo3-src] [CVE-2007-6381] SQL injection vulnerability
Bug #180300 reported by disabled.user
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
typo3-src (Debian) | Fix Released | Unknown | |
typo3-src (Ubuntu) | Fix Released | High | William Grant |
Dapper | Won't Fix | Undecided | Unassigned |
Edgy | Won't Fix | Undecided | Unassigned |
Feisty | Won't Fix | Undecided | Unassigned |
Gutsy | Won't Fix | Undecided | Unassigned |
Hardy | Fix Released | High | William Grant |
Bug Description
References:
DSA-1439-1 (http://
Quoting:
"Henning Pingel discovered that TYPO3, a web content management framework,
performs insufficient input sanitising, making it vulnerable to SQL
injection by logged-in backend users."
CVE References
Changed in typo3-src:
status: Unknown → Fix Released
Changed in typo3-src:
assignee: nobody → fujitsu
importance: Undecided → High
status: New → Triaged
This bug was fixed in the package typo3-src - 4.1.2+debian-1ubuntu1
---------------
typo3-src (4.1.2+debian-1ubuntu1) hardy; urgency=low
  * SECURITY UPDATE: arbitrary SQL injection. (LP: #180300)
    - debian/patches/03_CVE-2007-6381.dpatch: Ensure that the page ID is in
      fact an integer. Patch from Debian.
    - References:
      + CVE-2007-6381
 -- William Grant <email address hidden> Sat, 29 Mar 2008 23:48:31 +1100