Lucene search
K

5 matches found

Github Security Blog
Github Security Blog
added 2026/05/19 12:31 p.m.11 views

georgringer/news has SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS5.7AI score0.00386EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2026/05/19 12:31 p.m.5 views

GHSA-G868-J3QM-4J28 georgringer/news has SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS5.7AI score0.00386EPSS
Exploits0References4
NVD
NVD
added 2026/05/19 10:16 a.m.16 views

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:22 a.m.13 views

EUVD-2026-30861

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:22 a.m.38 views

CVE-2026-8726

CVE-2026-8726 describes an SQL injection in the Typo3 extension experience: the extension fails to properly sanitize user input before using it in a database query, enabling an unauthenticated attacker to inject arbitrary SQL via a URL parameter on pages using the “Date Menu of news articles” plu...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
Rows per page
Query Builder