{"id":"UBUNTU-CVE-2012-1607","details":"The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.","modified":"2025-07-16T07:30:53.618610Z","published":"2012-09-04T20:55:00Z","withdrawn":"2025-07-18T16:42:45Z","upstream":["CVE-2012-1607"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2012-1607"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2012/03/29"},{"type":"REPORT","url":"http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2012-1607"}],"affected":[{"package":{"name":"typo3-src","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/typo3-src@4.5.32+dfsg1-1?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.5.32+dfsg1-1"}]}],"versions":["4.5.27+dfsg1-3","4.5.30+dfsg1-2"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"typo3","binary_version":"4.5.32+dfsg1-1"},{"binary_name":"typo3-database","binary_version":"4.5.32+dfsg1-1"},{"binary_name":"typo3-dummy","binary_version":"4.5.32+dfsg1-1"},{"binary_name":"typo3-src-4.5","binary_version":"4.5.32+dfsg1-1"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2012/UBUNTU-CVE-2012-1607.json"}}],"schema_version":"1.7.3","severity":[{"type":"Ubuntu","score":"negligible"}]}