[SECURITY] SQL Injection Possibility in Extbase
author Felix Oertel <f@oer.tel>
Wed, 6 Mar 2013 10:49:32 +0000 (11:49 +0100)
committer Oliver Hader <oliver.hader@typo3.org>
Wed, 6 Mar 2013 10:49:34 +0000 (11:49 +0100)
commit 17b357b3220b139a26fb61acb7dbd27bf6edd694
tree 6724cc777258b52b05405caa1b0c3240b54d46a3
parent 7cc896575e256d52fb0637f747272aae6580ab75
[SECURITY] SQL Injection Possibility in Extbase

The Extbase persistence layer is vulnerable to SQL injection
due to improper sanitation of submitted arguments on relations
of the many-to-many type.

Fixes: #46057
Releases: 6.1, 6.0, 4.7, 4.6, 4.5
Change-Id: Ie5c9cf4a54260db937975edef61d464ddc808475
Security-Commit: 88fcf40028f0378948fd3572847a577aa91aaf76
Security-Bulletin: TYPO3-CORE-SA-2013-001
Reviewed-on: https://review.typo3.org/18735
Reviewed-by: Oliver Hader
Tested-by: Oliver Hader
typo3/sysext/extbase/Classes/Persistence/Generic/Storage/Typo3DbBackend.php