TYPO3 'cmw_linklist Extension' 'category_uid' Parameter SQL Injection

The installation of TYPO3 on the remote host is vulnerable to remote SQL injection attacks through the parameter 'categoryuid' used by the third-party cmwlinklist extension. By exploiting this flaw, a remote attacker can uncover sensitive information or even modify existing data. %NASLMINLEVEL...

TYPO3 Security Bulletin

An issue has been reported where a bug in the "cmwlinklist" extension allows SQL injection attacks. In specific situations, a remote offender can cause malicious database operations. Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3...