Miggo Logo
Miggo Vulnerability Database
CVE-2010-3662

CVE-2010-3662:
TYPO3 SQL injection vulnerability on the backend

8.8

CVSS Score
3.1

Basic Information

CVE ID
CVE-2010-3662
GHSA ID
GHSA-4rvc-5hrh-qmwf
EPSS Score
0.71174%
CWE
CWE-89
Published
4/21/2022
Updated
2/7/2024
KEV Status
No
Technology
TechnologyPHP

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
typo3/cms-backendcomposer< 4.1.144.1.14
typo3/cms-backendcomposer>= 4.2.0, < 4.2.134.2.13
typo3/cms-backendcomposer>= 4.3.0, < 4.3.44.3.4
typo3/cms-backendcomposer>= 4.4.0, < 4.4.14.4.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from improper SQL query construction in backend record editing and auto-suggest features. TYPO3's TCA-driven query builder (t3lib_db::exec_SELECTquery) and form handlers (t3lib_TCEforms) are core components that process user input. The advisory specifically mentions TCA 'where' clauses and auto-suggest as attack vectors, implicating these functions. While exact commit diffs are unavailable, historical TYPO3 security practices confirm these components were frequently hardened against SQLi in patches. The medium confidence for AJAX handlers reflects the lack of explicit function names in advisories, but their role in user-input processing aligns with described exploit paths.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

TYPO* ***or* *.*.**, *.*.x ***or* *.*.**, *.*.x ***or* *.*.* *n* *.*.x ***or* *.*.* *llows SQL Inj**tion on t** ***k*n*.

Reasoning

T** vuln*r**ility st*ms *rom improp*r SQL qu*ry *onstru*tion in ***k*n* r**or* **itin* *n* *uto-su***st ***tur*s. TYPO*'s T**-*riv*n qu*ry *uil**r (t*li*_**::*x**_S*L**Tqu*ry) *n* *orm **n*l*rs (t*li*_T***orms) *r* *or* *ompon*nts t**t pro**ss us*r i