CVE-2011-3583

Name of the Vulnerable Software and Affected Versions Typo3 Core versions 4.5.0 through 4.5.5

Description The issue is related to the use of prepared statements in Typo3 Core, which could lead to a SQL Injection vulnerability if parameter values are not properly replaced. This can be exploited when two or more parameters are bound to a query and at least two of these parameters come from user input.

Recommendations For Typo3 Core versions 4.5.0 through 4.5.5, ensure that all parameter values are properly replaced to prevent SQL Injection. As a temporary workaround, consider restricting user input for queries with multiple bound parameters until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.