EUVD-2021-1272

Malware in sbrugna...

SQL Injection in t3/dce

The dce aka Dynamic Content Element extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account...

CVE-2021-31777

The dce aka Dynamic Content Element extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account...

CVE-2021-31777

The TYPO3 Dynamic Content Element (dce) extension vulnerabilities (versions 2.2.0–2.6.x before 2.6.2 and 2.7.x before 2.7.1) allow an SQL Injection via a backend user account. This is confirmed across multiple sources (CVE-2021-31777). A sample exploit exists in public write-ups (e.g., packetstor...

TYPO3 Dynamic Content Element SQL注入漏洞

TYPO3 Dynamic Content Element is a mobile application from the Swiss company TYPO3. TYPO3 Dynamic Content Element has a SQL injection vulnerability, which stems from insufficient filtering of user-supplied data and can be exploited by attackers to inject SQL to obtain data-sensitive information...

SQL Injection in extension "Dynamic Content Element" (dce)

The extension fails to properly sanitize user input and is susceptible to SQL Injection. A TYPO3 backend user account is required to exploit the vulnerability...