Vigil@nce: TYPO3, SQL injection in Calendar Base
March 2010 by Vigil@nce
An attacker can inject SQL queries in the Calendar Base extension of TYPO3.
Severity: 2/4
Consequences: user access/rights
Provenance: document
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 02/03/2010
IMPACTED PRODUCTS
TYPO3
DESCRIPTION OF THE VULNERABILITY
The Calendar Base (cal) extension of TYPO3 implements a calendar.
The iCalendar format is a standard exchange format for schedulers.
When Calendar Base imports iCalendar data, the imported field values are not checked and are inserted directly into a SQL query.
An attacker can therefore invite the victim to import a malicious iCalendar file, in order to execute SQL queries on the TYPO3 service.
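As an added illustration of the mitigation (this is example code, not the cal extension's own importer): a minimal iCalendar VEVENT parser whose values are bound through prepared statements rather than concatenated into the query, with a format check on the date field. The table and column names are assumptions.

```php
<?php
// Added example (not code from the cal extension): import iCalendar VEVENTs
// into an assumed table via a prepared statement, so that a field such as
// SUMMARY can never change the structure of the SQL statement.

function parseVEvents(string $ics): array {
    $events = [];
    $current = null;
    // Unfold long lines (RFC 5545: a line break followed by a space or tab continues the line)
    $ics = preg_replace("/\r?\n[ \t]/", '', $ics);
    foreach (preg_split("/\r?\n/", $ics) as $line) {
        if ($line === 'BEGIN:VEVENT') { $current = []; continue; }
        if ($line === 'END:VEVENT') { if ($current !== null) { $events[] = $current; } $current = null; continue; }
        if ($current === null || strpos($line, ':') === false) { continue; }
        [$name, $value] = explode(':', $line, 2);
        $name = strtoupper(explode(';', $name, 2)[0]); // drop property parameters such as ;TZID=...
        $current[$name] = $value;
    }
    return $events;
}

function importIcs(PDO $db, string $ics): int {
    // Unsafe pattern (the class of defect described above):
    //   "INSERT ... VALUES ('" . $event['SUMMARY'] . "')"
    // Safe pattern: placeholders; values are bound separately from the statement text.
    $stmt = $db->prepare(
        'INSERT INTO tx_cal_event (uid_ical, title, start_date) VALUES (:uid, :title, :start)'
    );
    $count = 0;
    foreach (parseVEvents($ics) as $event) {
        $start = $event['DTSTART'] ?? '';
        // Validate the date field before use: accept only basic iCalendar DATE / DATE-TIME values
        if (!preg_match('/^\d{8}(T\d{6}Z?)?$/', $start)) { continue; }
        $stmt->execute([
            ':uid'   => $event['UID'] ?? '',
            ':title' => $event['SUMMARY'] ?? '',
            ':start' => $start,
        ]);
        $count++;
    }
    return $count;
}

// Constructed sample input: the SUMMARY contains an apostrophe, which a
// concatenated query would mishandle but a bound parameter stores verbatim.
$sample = "BEGIN:VCALENDAR\r\nBEGIN:VEVENT\r\nUID:demo-1\r\nSUMMARY:O'Brien's review\r\n"
        . "DTSTART:20100302T100000Z\r\nEND:VEVENT\r\nEND:VCALENDAR\r\n";
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE tx_cal_event (uid_ical TEXT, title TEXT, start_date TEXT)');
echo importIcs($db, $sample) . " event(s) imported\n";
```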
CHARACTERISTICS
Identifiers: BID-38493, TYPO3-SA-2010-005, VIGILANCE-VUL-9483
Url: http://vigilance.fr/vulnerability/T...