2 matches found
GHSA-JH32-V29G-68PQ TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework
Problem Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...
CVE-2026-49741 TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework
Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...