Synced 17 Jun 2026 22:27 UTC Account
← All products

CVE-2010-4952

HIGH severity · CVSS 7.5 · SQL injection
7.5CVSS HIGH

Summary

SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Impact & exploitability

Attack vectorNetwork
Attack complexityLow
Privileges required
User interaction
Confidentiality impact
Integrity impact
Availability impact
Exploit probability (EPSS)1%

AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected products we track (1)

TYPO3

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: http://typo3.org/extensions/repository/view/festat/0.2.4/ ↗

Additional information