CVE-2008-4904 Information

Description

SQL injection vulnerability in the \Manage pages\ feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with \blog publisher\ rights to execute arbitrary SQL commands via the search[published_at] parameter.

Reference

http://secunia.com/advisories/32272 http://securityreason.com/securityalert/4550 http://www.securityfocus.com/archive/1/497970 http://www.securityfocus.com/bid/31993 https://exchange.xforce.ibmcloud.com/vulnerabilities/46205