CVE-2009-2106

SQL injection vulnerability in the Virtual Civil Services (civserv) extension 4.3.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 62%
VendorProductVersion
projektseminar_proservice_wwuvirtual_civil_services
𝑥
≤ 4.3.2
projektseminar_proservice_wwuvirtual_civil_services
4.2.14
projektseminar_proservice_wwuvirtual_civil_services
4.2.15
projektseminar_proservice_wwuvirtual_civil_services
4.3.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/55121
http://secunia.com/advisories/35479
http://typo3.org/extensions/repository/view/civserv/4.3.3/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-007/
http://www.securityfocus.com/bid/35395
http://osvdb.org/55121
http://secunia.com/advisories/35479
http://typo3.org/extensions/repository/view/civserv/4.3.3/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-007/
http://www.securityfocus.com/bid/35395