17 matches found
GHSA-G868-J3QM-4J28 georgringer/news has SQL Injection in extension "News system" (news)
The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...
CVE-2026-8726 SQL Injection in extension "News system" (news)
The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...
TYPO3 Extension News system SQL injection vulnerability
TYPO3 Extension News system is an open-source extension for TYPO3 that allows for the publishing of news and content. The TYPO3 Extension News system has a SQL injection vulnerability, which stems from insufficient user input cleaning. This vulnerability could allow unauthenticated attackers to...
CVE-2021-36792
The datednews aka Dated News extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various applications...
TYPO3 News Module SQL Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'TYPO3 News Module SQL Injection', 'Description' = %q This module exploits a SQL Injection vulnerability In TYPO3 NewsController.php in the news...
CVE-2021-36789
The datednews aka Dated News extension through 5.1.1 for TYPO3 allows SQL Injection...
CVE-2021-36791
The datednews aka Dated News extension through 5.1.1 for TYPO3 allows Information Disclosure of application registration data...
CVE-2021-36790
The datednews aka Dated News extension through 5.1.1 for TYPO3 allows XSS...
PT-2021-21360 · Typo3 · Dated News
Name of the Vulnerable Software and Affected Versions: dated news extension versions through 5.1.1 for TYPO3 Description: The issue concerns incorrect Access Control for confirming various applications. Recommendations: For dated news extension versions through 5.1.1, update to a version later th...
DBHcms Information Disclosure Vulnerability
DBHcms is a small, free and open source content management system for personal and small business websites. An information disclosure vulnerability exists in DBHcms 1.2.0. The vulnerability stems from /dbhcms/ext/news/ext.news.be.php has security access control. A remote unauthenticated attacker...
TYPO3 News system extension cross-site scripting vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF maintained by the TYPO3 Association in Switzerland. news system news is one of the extension components that provides press release functionality. A cross-site scripting vulnerability exists in TYPO3 News system extension...
CVE-2014-6290
The News ttnews extension before 3.5.2 for TYPO3 allows remote attackers to have unspecified impact via vectors related to an "insecure unserialize" issue...
CVE-2014-6290
CVE-2014-6290 concerns the TYPO3 tt_news News extension, affected up to version 3.5.1. The security bulletin documents an insecure unserialize vulnerability in tt_news that enables remote attackers to cause unspecified impact. The root cause is improper sanitization of user input leading to unser...
CVE-2013-4748
The concrete entry is about TYPO3’s News system extension (news) vulnerable to SQL Injection: impacted component is the News extension before version 1.3.3, with remote attackers able to execute arbitrary SQL commands via unspecified vectors. The connected advisories (e.g., GHSA-RG6G-V4XM-G49Q) c...
SQL injection
SQL injection vulnerability in the Vote rank for news voteforttnews extension 1.0.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
PT-2010-2125 · Typo3 · Vote For Tt News
Name of the Vulnerable Software and Affected Versions: TYPO3 extension 'vote for tt news' version 1.0.1 and earlier Description: The issue allows remote attackers to execute arbitrary SQL commands. Recommendations: For TYPO3 extension 'vote for tt news' version 1.0.1 and earlier, update to a...