CVE-2010-5104

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.2.x through 4.2.15 TYPO3 versions 4.3.x through 4.3.8 TYPO3 versions 4.4.x through 4.4.4

Description The issue allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query due to improper input escaping by the escapeStrForLike method when the MySQL database is set to sql mode NO BACKSLASH ESCAPES.

Recommendations For TYPO3 versions 4.2.x through 4.2.15, update to version 4.2.16 or later. For TYPO3 versions 4.3.x through 4.3.8, update to version 4.3.9 or later. For TYPO3 versions 4.4.x through 4.4.4, update to version 4.4.5 or later.