CVE-2012-1607

The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.

Published Bysecalert@redhat.com

Published DateSep 04, 2012, 20:55

Affected Versions(3)

typo3/cms(Packagist)

Introduced4.4.0

FixedN/A

LimitN/A

typo3/cms(Packagist)

Introduced4.5.0

FixedN/A

LimitN/A

typo3/cms(Packagist)

Introduced4.6.0

FixedN/A

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
typo3/cms(Packagist)	4.4.0	N/A	N/A
typo3/cms(Packagist)	4.5.0	N/A	N/A
typo3/cms(Packagist)	4.6.0	N/A	N/A

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE

References

Weakness Type (CWE):CWE-200

CVSS Metrics

Base Score

Vector String

AV:N/AC:L/Au:N/C:P/I:N/A:N

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

NONE

Availability (A)

NONE