Lucene search
+L

5 matches found

OSV
OSV
added 2026/05/19 12:31 p.m.6 views

GHSA-G868-J3QM-4J28 georgringer/news has SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS5.7AI score0.00386EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/19 12:31 p.m.11 views

georgringer/news has SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS5.7AI score0.00386EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/05/19 10:16 a.m.16 views

CVE-2026-8726

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS0.00386EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/19 9:22 a.m.14 views

EUVD-2026-30861

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
CVE
CVE
added 2026/05/19 9:22 a.m.40 views

CVE-2026-8726

CVE-2026-8726 describes an SQL injection in the Typo3 extension experience: the extension fails to properly sanitize user input before using it in a database query, enabling an unauthenticated attacker to inject arbitrary SQL via a URL parameter on pages using the “Date Menu of news articles” plu...

8.2CVSS6AI score0.00386EPSS
Exploits0References1
Rows per page
Query Builder