Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-47pq-dk4d-1fhx
Vulnerability ID VCID-47pq-dk4d-1fhx
Aliases CVE-2010-5104
GHSA-xgc2-q928-27wv
Summary TYPO3 Sensitive Information Disclosure via escapeStrForLike method The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly escape input when the MySQL database is set to sql_mode NO_BACKSLASH_ESCAPES, which allows remote attackers to obtain sensitive information via wildcard characters in a LIKE query.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00765 https://api.first.org/data/v1/epss?cve=CVE-2010-5104
epss 0.00765 https://api.first.org/data/v1/epss?cve=CVE-2010-5104
generic_textual MODERATE https://exchange.xforce.ibmcloud.com/vulnerabilities/64185
generic_textual MODERATE https://github.com/TYPO3-CMS/core
generic_textual MODERATE https://github.com/TYPO3/typo3/commit/9eb4be4ccf10e6959699b9cce375d48697f06cba
generic_textual MODERATE https://github.com/TYPO3/typo3/commit/e8c32474a5571336681243465f42090cf056054f
generic_textual MODERATE https://github.com/TYPO3/typo3/commit/fcabd2fc2aa557c94805f7505277185c4abb68ab
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2010-5104
generic_textual MODERATE https://web.archive.org/web/20101219052359/http://secunia.com/advisories/35770
generic_textual MODERATE https://web.archive.org/web/20111025222220/http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022
generic_textual MODERATE https://web.archive.org/web/20111223211753/http://www.securityfocus.com/bid/45470
generic_textual MODERATE http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2011/01/13/2
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2012/05/10/7
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2012/05/11/3
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2012/05/12/5
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2010-5104
https://exchange.xforce.ibmcloud.com/vulnerabilities/64185
https://github.com/TYPO3-CMS/core
https://github.com/TYPO3/typo3/commit/9eb4be4ccf10e6959699b9cce375d48697f06cba
https://github.com/TYPO3/typo3/commit/e8c32474a5571336681243465f42090cf056054f
https://github.com/TYPO3/typo3/commit/fcabd2fc2aa557c94805f7505277185c4abb68ab
https://nvd.nist.gov/vuln/detail/CVE-2010-5104
https://web.archive.org/web/20101219052359/http://secunia.com/advisories/35770
https://web.archive.org/web/20111025222220/http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022
https://web.archive.org/web/20111025222220/http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-022/
https://web.archive.org/web/20111223211753/http://www.securityfocus.com/bid/45470
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022
http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-sa-2010-022/
http://www.openwall.com/lists/oss-security/2011/01/13/2
http://www.openwall.com/lists/oss-security/2012/05/10/7
http://www.openwall.com/lists/oss-security/2012/05/11/3
http://www.openwall.com/lists/oss-security/2012/05/12/5
GHSA-xgc2-q928-27wv https://github.com/advisories/GHSA-xgc2-q928-27wv
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.73801
EPSS Score 0.00765
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T17:55:52.173886+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xgc2-q928-27wv/GHSA-xgc2-q928-27wv.json 38.6.0