Vulnerability Description
SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Faq-Frequenty Asked Questions Project | Faq-Frequently Asked Questions | <= 1.2.0 |
Related Weaknesses (CWE)
References
- http://typo3.org/extensions/repository/view/js_faqPatch
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-saVendor Advisory
- http://www.securityfocus.com/bid/75256
- http://typo3.org/extensions/repository/view/js_faqPatch
- http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-saVendor Advisory
- http://www.securityfocus.com/bid/75256
FAQ
What is CVE-2015-4612?
CVE-2015-4612 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vect...
How severe is CVE-2015-4612?
CVE-2015-4612 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-4612?
Check the references section above for vendor advisories and patch information. Affected products include: Faq-Frequenty Asked Questions Project Faq-Frequently Asked Questions.