SQL Injection in TYPO3 Frontend Login

2024-06-0514:23:20

CWE-89

GitHub Advisory Database

github.com

sql injection

typo3

frontend login

vulnerability

user input

account

7.7 High

AI Score

Confidence

Low

JSON

Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability.

Affected configurations

Vulners

Node

typo3cms_poll_system_extensionRange<7.6.10

typo3cms_poll_system_extensionRange<6.2.26

CPENameOperatorVersion
typo3/cmslt7.6.10
typo3/cmslt6.2.26

CPE	Name	Operator	Version
	typo3/cms	lt	7.6.10
	typo3/cms	lt	6.2.26

References

github.com/advisories/GHSA-j86x-pjmr-9m6w

github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/2016-07-19-3.yaml

typo3.org/security/advisory/typo3-core-sa-2016-016

7.7 High

AI Score

Confidence

Low

JSON