CVE-2012-1607: TYPO3 allows remote attackers to obtain the database name via a direct request

May 17, 2022 (updated April 12, 2025)

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

References

github.com/TYPO3/typo3
github.com/advisories/GHSA-q68v-vcjg-r3vp
nvd.nist.gov/vuln/detail/CVE-2012-1607
web.archive.org/web/20120426034517/http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001
web.archive.org/web/20120527123559/http://www.securityfocus.com/bid/52771

Code Behaviors & Features

Detect and mitigate CVE-2012-1607 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →