CVE-2013-1842
Published: 20 March 2013
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."
Priority
Status
Package | Release | Status |
---|---|---|
typo3-src Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Ignored
(end of life)
|
|
oneiric |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
raring |
Not vulnerable
(4.5.19+dfsg1-5)
|
|
saucy |
Not vulnerable
(4.5.19+dfsg1-5)
|
|
trusty |
Does not exist
(trusty was not-affected [4.5.19+dfsg1-5])
|
|
upstream |
Released
(4.5.19+dfsg1-5)
|
|
utopic |
Not vulnerable
(4.5.19+dfsg1-5)
|
|
vivid |
Not vulnerable
(4.5.19+dfsg1-5)
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
|
Patches: vendor: http://www.debian.org/security/2013/dsa-2646 |