CVE-2010-3662: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

April 21, 2022 (updated February 7, 2024)

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=590719
github.com/advisories/GHSA-4rvc-5hrh-qmwf
nvd.nist.gov/vuln/detail/CVE-2010-3662
security-tracker.debian.org/tracker/CVE-2010-3662
typo3.org/security/advisory/typo3-sa-2010-012/

Detect and mitigate CVE-2010-3662 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →