Thomas Worm

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.5.x through 4.5.20 TYPO3 versions 4.6.x through 4.6.13 TYPO3 versions 4.7.x through 4.7.5 **Description** The issue is related to a SQL injection vulnerability in the Backend History module. This vulnerability allows remote authenticated backend users to execute arbitrary SQL commands. The vulnerability is due to missing encoding of user input, making the history module susceptible to SQL Injection. A valid backend login is required to exploit this issue. **Recommendations** For TYPO3 versions 4.5.x through 4.5.20, update to version 4.5.21 or later. For TYPO3 versions 4.6.x through 4.6.13, update to version 4.6.14 or later. For TYPO3 versions 4.7.x through 4.7.5, update to version 4.7.6 or later.

**Name of the Vulnerable Software and Affected Versions** TYPO3 versions 4.5.x through 4.5.20 TYPO3 versions 4.6.x through 4.6.13 TYPO3 versions 4.7.x through 4.7.5 **Description** A cross-site scripting (XSS) issue exists in the Backend History module, allowing remote authenticated backend users to inject arbitrary web script or HTML. **Recommendations** For versions 4.5.x through 4.5.20, update to version 4.5.21 or later. For versions 4.6.x through 4.6.13, update to version 4.6.14 or later. For versions 4.7.x through 4.7.5, update to version 4.7.6 or later.