CVE-2010-1016 in SAV Filter Selectorsinfo

Summary

by MITRE

SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 05/02/2026

The CVE-2010-1016 vulnerability represents a critical SQL injection flaw within the SAV Filter Selectors extension for TYPO3 content management system. This vulnerability exists in versions prior to 1.0.5 and exposes the system to remote code execution through unspecified attack vectors that manipulate database queries. The flaw allows malicious actors to inject arbitrary SQL commands into the application's database layer, potentially compromising the entire database infrastructure and underlying system.

The technical nature of this vulnerability aligns with CWE-89, which specifically addresses SQL injection weaknesses in software applications. The vulnerability occurs when user input is not properly sanitized or validated before being incorporated into database queries within the SAV Filter Selectors extension. Attackers can exploit this by crafting malicious input parameters that alter the intended SQL query execution flow, enabling them to extract, modify, or delete sensitive database information. The unspecified vectors suggest that multiple input points within the extension could serve as attack surfaces, making the vulnerability particularly dangerous as it may be exploitable through various entry points.

The operational impact of CVE-2010-1016 extends beyond simple data theft, as it provides attackers with potential persistence mechanisms and privilege escalation capabilities. Successful exploitation could lead to complete system compromise, allowing attackers to gain unauthorized access to sensitive information, modify database contents, or even escalate privileges to system administrator levels. The vulnerability affects TYPO3 installations that utilize the SAV Filter Selectors extension, making it particularly concerning for organizations relying on this content management platform for their web presence and business operations.

Organizations should immediately update their TYPO3 installations to version 1.0.5 or later to remediate this vulnerability, as the patch addresses the underlying SQL injection flaws in the SAV Filter Selectors extension. Additionally, implementing proper input validation and parameterized queries should be considered as defensive measures to prevent similar vulnerabilities in other components of the system. The ATT&CK framework categorizes this vulnerability under the T1190 technique for exploiting vulnerabilities in web applications, emphasizing the need for comprehensive web application security controls including regular security assessments and proper input sanitization practices to prevent such attacks from succeeding in production environments.

Reservation

03/19/2010

Disclosure

03/19/2010

Moderation

accepted

Entry

VDB-52257

CPE

ready

EPSS

0.01060

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!