Home > Vulnerability Database > CVE-2010-5104

Mend.io Vulnerability Database

CVE-2010-5104

Date: May 21, 2012

The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.

Language: PHP

Severity Score

3.7

Related Resources (19)

Url: http://www.openwall.com/lists/oss-security/2012/05/11/3

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-5104

Url: http://www.openwall.com/lists/oss-security/2011/01/13/2

Url: http://www.osvdb.org/70116

Url: https://github.com/TYPO3/typo3/commit/fcabd2fc2aa557c94805f7505277185c4abb68ab

Url: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022

Url: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/

Url: https://github.com/TYPO3-CMS/core

Url: http://secunia.com/advisories/35770

Url: https://github.com/TYPO3/typo3/commit/e8c32474a5571336681243465f42090cf056054f

Url: https://web.archive.org/web/20111223211753/http://www.securityfocus.com/bid/45470

Url: https://github.com/TYPO3/typo3/commit/9eb4be4ccf10e6959699b9cce375d48697f06cba

Url: http://www.openwall.com/lists/oss-security/2012/05/10/7

Url: http://www.openwall.com/lists/oss-security/2012/05/12/5

Url: https://web.archive.org/web/20111025222220/http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022

Url: https://web.archive.org/web/20101219052359/http://secunia.com/advisories/35770

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/64185

Url: http://www.securityfocus.com/bid/45470

Url: https://www.mend.io/vulnerability-database/CVE-2010-5104

Severity Score

3.7

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-5104

Date: May 21, 2012

Language: PHP

Severity Score

Related Resources (19)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?