Candidate: CVE-2011-3583
PublicDate: 2019-11-26 00:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3583
 http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2011-002/
Description:
 It was found that Typo3 Core versions 4.5.0 - 4.5.5 use prepared
 statements that, if the parameter values are not properly replaced, could
 lead to a SQL Injection vulnerability. This issue can only be exploited if
 two or more parameters are bound to the query and at least two come from
 user input.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=641682
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_typo3-src:
upstream_typo3-src: released (4.5.6)
hardy_typo3-src: ignored (reached end-of-life)
lucid_typo3-src: ignored (reached end-of-life)
maverick_typo3-src: ignored (reached end-of-life)
natty_typo3-src: ignored (reached end-of-life)
oneiric_typo3-src: ignored (reached end-of-life)
precise_typo3-src: not-affected (4.5.6+dfsg1-1)
quantal_typo3-src: not-affected (4.5.6+dfsg1-1)
raring_typo3-src: not-affected (4.5.6+dfsg1-1)
saucy_typo3-src: not-affected (4.5.6+dfsg1-1)
devel_typo3-src: not-affected (4.5.6+dfsg1-1)