162 matches found
TYPO3 CMS news management module SQL injection vulnerability
The News module, the 20th most used module of TYPO3, is subject to an SQL injection vulnerability. Although the author has been contacted numerous times in the span of 4 months, no fix has been provided. We are therefore releasing the details. Also, it should be noted that the vulnerability is on...
CVE-2017-7581
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed...
PHPNuke 5.6/6.x News Module Article.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7172/info It has been reported that an input validation error exists in the article.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke tha...
Kasseler CMS News Module 'id' Parameter SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/38909/info Kasseler CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise...
PHPNuke 5.6/6.x News Module Index.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7173/info It has been reported that an input validation error exists in the index.php file included with PHPNuke as part of the News module. Because of this, an attacker could send a malicious string through PHPNuke that...
PHP-Nuke <= 8.0 XSS & HTML Code Injection in News Module
No description provided by source. Software Link: http://www.phpnuke.org/modules.php?name=Downloads&dop=viewdownload&cid=1 Note: This bug was found by tampering with passed data. Coders don't sanitize and check user entry point for news rate...
PHP-Nuke 6.x/7.0 'News' Module Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9605/info It has been reported that the PHP-Nuke module 'News' is prone to a cross-site scripting vulnerability. The issue arises due to the module failing to properly sanitize user-supplied information. This could allow...
PHPNuke 5.5/6.0 News Module Path Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7079/info The News module for PHPNuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the information gathered in this...
GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities
No description provided by source. Title: GENU CMS 2012.3 - Multiple SQL Injection Vulnerabilities. Date: 2012-04-30. References: http://www.vulnerability-lab.com/getcontent.php?id=538. VL-ID: 538. Introduction: GENU is a Content Management System written...
CVE-2014-2245
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third...
SQL injection
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the sortby parameter to admin/moduleinterface.php. NOTE: some of these details are obtained from third...
CVE-2014-2245
The CVE-2014-2245 entry concerns a SQL injection in the News module of CMS Made Simple (CMSMS). The vulnerability affects CMSMS prior to version 1.11.10 and can be triggered by remote authenticated users who hold the Modify News permission, via the sortby parameter to admin/moduleinterface.php. T...
CVE-2013-3524
The CVE-2013-3524 entry describes a SQL injection vulnerability in the Pop Up News module (popupnewsitem/) of phpVMS, affecting version 2.0 and possibly earlier. The issue allows remote attackers to modify and retrieve data by injecting SQL through the itemid parameter. CVSS data from NVD indicat...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS 2012-03.08 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) titleen, (2) summaryen, or (3) bodyen parameter in a submitnews action to the news module, a different vulnerability than CVE-2012-4890. NOTE...
CVE-2012-1297
CVE-2012-1297 affects Contao (formerly TYPOlight) 2.11.0 and earlier, via multiple CSRF vulnerabilities in main.php that can hijack administrator authentication for actions that delete users, news, or newsletters. Root cause and exact exploit details are not elaborated in the provided documents. ...
CVE-2010-4663
Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors...
Code injection
Unspecified vulnerability in the News module in CMS Made Simple (CMSMS) before 1.9.1 has unknown impact and attack vectors...
CVE-2010-4663
Technical details for CVE-2010-4663 are not publicly available in the provided documents. Monitor for updates from trusted sources.