Lucene search

GitHub Advisory DatabaseGHSA-HQM2-GWQF-R5G5

HistorySep 02, 2021 - 5:17 p.m.

SQL injection in TYPO3 extension

2021-09-0217:17:06

CWE-89

GitHub Advisory Database

github.com

typo3

sql injection

extension

bounced emails

software

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

51.6%

JSON

It has been discovered that the extension is susceptible to SQL Injection when processing bounced emails.

Affected configurations

Vulners

Node

ecodevnewsletterRange≤4.0.0

VendorProductVersionCPE
ecodevnewsletter*cpe:2.3:a:ecodev:newsletter:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ecodev	newsletter	*	cpe:2.3:a:ecodev:newsletter::::::::

References

github.com/advisories/GHSA-hqm2-gwqf-r5g5

nvd.nist.gov/vuln/detail/CVE-2021-38302

typo3.org/security/advisory/typo3-ext-sa-2021-014

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

51.6%

JSON

Related for GHSA-HQM2-GWQF-R5G5