
Test ID: 1.3.6.1.4.1.25623.1.0.804220
Category: Web application abuses
Title: TYPO3 Multiple Vulnerabilities (Dec 2010)
Summary: TYPO3 is prone to multiple vulnerabilities.
Description:

Vulnerability Insight:
Multiple errors exist in the application:

- An error exists in the fileDenyPattern functionality, which does not properly
filter file types.

- Errors exist in the enlarge functionality, the FORM content object, the list
module and the class.em_unzip.php script, which fail to properly validate
certain user-provided input.

- An error exists in the escapeStrForLike method, which does not properly escape
input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES.

Vulnerability Impact:
Successful exploitation will allow remote attackers to obtain sensitive
information or execute SQL commands.

Affected Software/OS:
TYPO3 versions 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5

Solution:
Upgrade to TYPO3 version 4.2.16, 4.3.9, 4.4.5 or later.

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2010-5097
BugTraq ID: 45470
http://www.securityfocus.com/bid/45470
http://www.openwall.com/lists/oss-security/2011/01/13/2
http://www.openwall.com/lists/oss-security/2012/05/11/3
http://www.openwall.com/lists/oss-security/2012/05/10/7
http://www.openwall.com/lists/oss-security/2012/05/12/5
http://www.osvdb.org/70123
http://secunia.com/advisories/35770
XForce ISS Database: typo3-clickenlarge-xss(64178)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64178
Common Vulnerability Exposure (CVE) ID: CVE-2010-5098
http://www.osvdb.org/70122
XForce ISS Database: typo3-form-xss(64179)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64179
Common Vulnerability Exposure (CVE) ID: CVE-2010-5099
http://www.exploit-db.com/exploits/15856
http://blog.nibblesec.org/2010/12/typo3-sa-2010-020-typo3-sa-2010-022.html
XForce ISS Database: typo3-unspecified-file-include(64180)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64180
Common Vulnerability Exposure (CVE) ID: CVE-2010-5100
http://www.osvdb.org/70120
XForce ISS Database: typo3-install-tool-xss(64181)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64181
Common Vulnerability Exposure (CVE) ID: CVE-2010-5101
http://www.osvdb.org/70119
Common Vulnerability Exposure (CVE) ID: CVE-2010-5102
http://bugs.typo3.org/view.php?id=16362
http://securesystems.ca/advisory.php?id=2010-001
Common Vulnerability Exposure (CVE) ID: CVE-2010-5103
http://www.osvdb.org/70117
XForce ISS Database: typo3-listmodule-sql-injection(64184)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64184
Common Vulnerability Exposure (CVE) ID: CVE-2010-5104
http://www.osvdb.org/70116
XForce ISS Database: typo3-escapestrforlike-info-disc(64185)
https://exchange.xforce.ibmcloud.com/vulnerabilities/64185
Copyright: Copyright (C) 2014 Greenbone AG
