Cybernaj

**Name of the Vulnerable Software and Affected Versions** TYPO3 version 4.0 **Description** A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the `showUid` parameter in index.php. However, the TYPO3 Security Team disputes this report, stating that the `showUid` parameter is generally used in third-party TYPO3 extensions, not in TYPO3 Core. **Recommendations** For TYPO3 version 4.0, consider restricting access to the `showUid` parameter in index.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.