CVE-2014-6241

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-6241
SQL injection vulnerability in the wt_directory extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://secunia.com/advisories/60867
http://typo3.org/extensions/repository/view/wt_directory Patch
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010 Patch Vendor Advisory
http://www.securityfocus.com/bid/69568
https://exchange.xforce.ibmcloud.com/vulnerabilities/95713
http://secunia.com/advisories/60867
http://typo3.org/extensions/repository/view/wt_directory Patch
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010 Patch Vendor Advisory
http://www.securityfocus.com/bid/69568
https://exchange.xforce.ibmcloud.com/vulnerabilities/95713
Configurations

Configuration 1 (hide)

cpe:2.3:a:wt_directory_project:wt_directory:*:*:*:*:*:typo3:*:*
History

21 Nov 2024, 02:14

Type Values Removed Values Added
References () http://secunia.com/advisories/60867 - () http://secunia.com/advisories/60867 -
References () http://typo3.org/extensions/repository/view/wt_directory - Patch () http://typo3.org/extensions/repository/view/wt_directory - Patch
References () http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010 - Patch, Vendor Advisory () http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-010 - Patch, Vendor Advisory
References () http://www.securityfocus.com/bid/69568 - () http://www.securityfocus.com/bid/69568 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/95713 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/95713 -
Information

Published : 2014-09-11 14:16

Updated : 2024-11-21 02:14

NVD link : CVE-2014-6241

Mitre link : CVE-2014-6241

CVE.ORG link : CVE-2014-6241

JSON object : View

Products Affected

wt_directory_project

  • wt_directory
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')