Critical severity9.8NVD Advisory· Published Nov 26, 2019· Updated Jun 16, 2026
CVE-2011-3583
CVE-2011-3583
Description
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
typo3/cmsPackagist | >= 4.5.0, <= 4.5.5 | — |
Affected products
2- Range: 4.5.0 - 4.5.5
Patches
Vulnerability mechanics
References
7- bugs.debian.org/cgi-bin/bugreport.cginvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-gx4p-6w86-f8jxghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-3583ghsaADVISORY
- security-tracker.debian.org/tracker/CVE-2011-3583nvdThird Party AdvisoryWEB
- typo3.org/security/advisory/typo3-core-sa-2011-002/nvdVendor Advisory
- access.redhat.com/security/cve/cve-2011-3583nvdBroken LinkWEB
- typo3.org/security/advisory/typo3-core-sa-2011-002ghsaWEB
News mentions
0No linked articles in our index yet.