Your submission was sent successfully! Close

CVE-2008-4904

Published: 4 November 2008

SQL injection vulnerability in the "Manage pages" feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with "blog publisher" rights to execute arbitrary SQL commands via the search[published_at] parameter.

Priority

Medium

Status

Package Release Status
typo3-src
Launchpad, Ubuntu, Debian
dapper Ignored
(reached end-of-life)
gutsy Needed
(reached end-of-life)
hardy Not vulnerable

intrepid Not vulnerable

jaunty Not vulnerable

karmic Not vulnerable

lucid Not vulnerable

upstream Not vulnerable

Notes

AuthorNote
mdeslaur
this isn't typo3, it's something we don't have

References