CVE-2012-6144: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

May 17, 2022 (updated January 12, 2024)

SQL injection vulnerability in the Backend History module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 allows remote authenticated backend users to execute arbitrary SQL commands via unspecified vectors.

References

typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-005/
www.openwall.com/lists/oss-security/2013/06/19/4
exchange.xforce.ibmcloud.com/vulnerabilities/79964
github.com/advisories/GHSA-947m-vgqc-x6v4
nvd.nist.gov/vuln/detail/CVE-2012-6144

Code Behaviors & Features

Detect and mitigate CVE-2012-6144 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →