Home > Vulnerability Database > CVE-2007-6381

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2007-6381

Date: December 14, 2007

SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Severity Score

6.3

Related Resources (12)

Url: http://secunia.com/advisories/27969

Url: http://secunia.com/advisories/28243

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/39017

Url: http://securitytracker.com/id?1019146

Url: http://www.debian.org/security/2007/dsa-1439

Url: http://www.securityfocus.com/bid/26871

Url: https://nvd.nist.gov/vuln/detail/CVE-2007-6381

Url: http://www.vupen.com/english/advisories/2007/4205

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457446

Url: http://typo3.org/teams/security/security-bulletins/typo3-20071210-1/

Url: http://osvdb.org/39506

Url: https://www.mend.io/vulnerability-database/CVE-2007-6381

Severity Score

6.3

Weakness Type (CWE)

SQL Injection

CWE-89

CVSS v3.1

Base Score:	6.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Do you need more information?

Contact Us