CVE-2009-4855

Publication date 11 May 2010

Last updated 4 August 2025

Ubuntu priority

Medium

Why this priority?

Description

SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.

Read the notes from the security team

Status

Package Ubuntu Release Status
typo3-src 18.10 cosmic Not in release
18.04 LTS bionic Not in release
17.10 artful Not in release
17.04 zesty Not in release
16.10 yakkety Not in release
16.04 LTS xenial Not in release
15.10 wily Not in release
15.04 vivid Ignored end of life
14.10 utopic Ignored end of life
14.04 LTS trusty Not in release
13.10 saucy Ignored end of life
13.04 raring Ignored end of life
12.10 quantal Ignored end of life
12.04 LTS precise Ignored end of life
11.10 oneiric Ignored end of life
11.04 natty Ignored end of life
10.10 maverick Ignored end of life
10.04 LTS lucid Ignored end of life
9.10 karmic Ignored end of life
9.04 jaunty Ignored end of life
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life

Notes

debian

Bogus issue claimed for typo3

References

Other references

Access our resources on patching vulnerabilities