Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.13 views

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/21 2:41 p.m.11 views

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection due to the extension failing to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of...

8.2CVSS6AI score0.00386EPSS
Exploits0References2
NVD
NVD
added 2026/05/19 10:16 a.m.16 views

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS0.00386EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/19 9:22 a.m.9 views

CVE-2026-8726 SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/19 9:22 a.m.41 views

CVE-2026-8726 SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:22 a.m.12 views

EUVD-2026-30861

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/19 9:22 a.m.8 views

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/19 9:22 a.m.36 views

CVE-2026-8726

CVE-2026-8726 describes an SQL injection in the Typo3 extension experience: the extension fails to properly sanitize user input before using it in a database query, enabling an unauthenticated attacker to inject arbitrary SQL via a URL parameter on pages using the “Date Menu of news articles” plu...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.10 views

PT-2026-41866

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References2
Rows per page
Query Builder