2 matches found
CVE-2020-14960
CVE-2020-14960 is a SQL injection vulnerability in PHP-Fusion 9.03.50 that affects the administration/comments.php endpoint via the ctype parameter. The CVE description and linked references document the vulnerability and CVSS impact (CVSSv3.1: base score 7.2, high impact on confidentiality, inte...
GHSA-PQG8-CRX9-G8M4 Backend Same-Site Request Forgery in TYPO3 CMS
Meta CVSS v3.1: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C CWE-352 CWE-346 Problem It has been discovered that backend user interface and install tool are vulnerable to same-origin request forgery. A backend user can be tricked into interacting with a malicious resource an attacker...