TYPO3 SQL Frontend Extension Unspecified SQL Injection and Denial of Service Vulnerabilities

The SQL Frontend extension for TYPO3 is prone to an unspecified SQL-injection issue and an unspecified denial-of-services issue because it fails to sufficiently sanitize user-supplied data.

Exploiting the SQL-injection issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Exploiting the denial-of-service issue could prevent legitimate use of the application.

Few details regarding these vulnerabilities are available; we will update this BID when more information emerges.

Versions up to and including SQL Frontend 1.0.11 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus