CVE-2012-6144

Name of the Vulnerable Software and Affected Versions TYPO3 versions 4.5.x through 4.5.20 TYPO3 versions 4.6.x through 4.6.13 TYPO3 versions 4.7.x through 4.7.5

Description The issue is related to a SQL injection vulnerability in the Backend History module. This vulnerability allows remote authenticated backend users to execute arbitrary SQL commands. The vulnerability is due to missing encoding of user input, making the history module susceptible to SQL Injection. A valid backend login is required to exploit this issue.

Recommendations For TYPO3 versions 4.5.x through 4.5.20, update to version 4.5.21 or later. For TYPO3 versions 4.6.x through 4.6.13, update to version 4.6.14 or later. For TYPO3 versions 4.7.x through 4.7.5, update to version 4.7.6 or later.