Launchpad.net

CVE 2007-6381

SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

Related bugs and status

CVE-2007-6381 (Candidate) is related to these bugs:

Bug #180300: [typo3-src] [CVE-2007-6381] SQL injection vulnerability

		In	Importance	Status
180300	[typo3-src] [CVE-2007-6381] SQL injection vulnerability	typo3-src (Ubuntu)	High	Fix Released
180300	[typo3-src] [CVE-2007-6381] SQL injection vulnerability	typo3-src (Debian)	Unknown	Fix Released
180300	[typo3-src] [CVE-2007-6381] SQL injection vulnerability	typo3-src (Ubuntu Dapper)	Undecided	Won't Fix
180300	[typo3-src] [CVE-2007-6381] SQL injection vulnerability	typo3-src (Ubuntu Edgy)	Undecided	Won't Fix
180300	[typo3-src] [CVE-2007-6381] SQL injection vulnerability	typo3-src (Ubuntu Feisty)	Undecided	Won't Fix
180300	[typo3-src] [CVE-2007-6381] SQL injection vulnerability	typo3-src (Ubuntu Hardy)	High	Fix Released
180300	[typo3-src] [CVE-2007-6381] SQL injection vulnerability	typo3-src (Ubuntu Gutsy)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://typo3.org/teams...
BID: 26871
SECUNIA: 27969
MISC: http://bugs.debian.org...
DEBIAN: DSA-1439
SECTRACK: 1019146
SECUNIA: 28243
OSVDB: 39506
VUPEN: ADV-2007-4205
XF: typo3-indexedsearch-sq...