It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| typo3/cms(Packagist) | 4.5.0 | N/A | N/A |
CVSS Metrics
