Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-5104


The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.


Published

2012-05-21T20:55:17.617

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application typo3 typo3 4.2.0 Yes
Application typo3 typo3 4.2.1 Yes
Application typo3 typo3 4.2.2 Yes
Application typo3 typo3 4.2.3 Yes
Application typo3 typo3 4.2.4 Yes
Application typo3 typo3 4.2.5 Yes
Application typo3 typo3 4.2.6 Yes
Application typo3 typo3 4.2.7 Yes
Application typo3 typo3 4.2.8 Yes
Application typo3 typo3 4.2.9 Yes
Application typo3 typo3 4.2.10 Yes
Application typo3 typo3 4.2.11 Yes
Application typo3 typo3 4.2.12 Yes
Application typo3 typo3 4.2.13 Yes
Application typo3 typo3 4.2.14 Yes
Application typo3 typo3 4.2.15 Yes
Application typo3 typo3 4.3.0 Yes
Application typo3 typo3 4.3.1 Yes
Application typo3 typo3 4.3.2 Yes
Application typo3 typo3 4.3.3 Yes
Application typo3 typo3 4.3.4 Yes
Application typo3 typo3 4.3.5 Yes
Application typo3 typo3 4.3.6 Yes
Application typo3 typo3 4.3.7 Yes
Application typo3 typo3 4.3.8 Yes
Application typo3 typo3 4.4.1 Yes
Application typo3 typo3 4.4.2 Yes
Application typo3 typo3 4.4.3 Yes
Application typo3 typo3 4.4.4 Yes

References