SQL Injection in extension "News system" (news)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-010...

CVE-2026-8726

CVE-2026-8726 describes an SQL injection in the Typo3 extension experience: the extension fails to properly sanitize user input before using it in a database query, enabling an unauthenticated attacker to inject arbitrary SQL via a URL parameter on pages using the “Date Menu of news articles” plu...

CVE-2026-8726 SQL Injection in extension "News system" (news)

The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin ...

EUVD-2013-4598

Malware in sbrugna...

EUVD-2005-2167

Malware in sbrugna...

EUVD-2009-2553

Malware in sbrugna...

EUVD-2002-0304

Malware in sbrugna...

EUVD-2007-1432

Malware in sbrugna...

EUVD-2005-3995

Malware in sbrugna...

EUVD-2005-2168

Malware in sbrugna...

EUVD-2005-2169

Malware in sbrugna...

EUVD-2007-1015

Malware in sbrugna...

EUVD-2008-0479

Malware in sbrugna...

CVE-2005-2168

delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter...

CVE-2005-2167

Cross-site scripting XSS vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter...

GHSA-RG6G-V4XM-G49Q News system (news) extension for TYPO3 vulnerable to SQL Injection

SQL injection vulnerability in the News system news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...

SQL Injection Vulnerability in Free Version of Kile Self-Media News System

Kile Self-Media News System is a news management system based on TP5.1 development. There is a SQL injection vulnerability in the free version of Kile Self-Media News System, which can be exploited by attackers to obtain sensitive information from the database...

Kile Self-Media News System Free v1.1.4 has a logic flaw vulnerability

Kile Self-Media News Management System is a news management system based on TP5.1 development. A logic flaw vulnerability exists in Kile Self-Media News System Free v1.1.4, which can be exploited by attackers to obtain sensitive information...

Unauthorized Access Vulnerability in Free Version of Kile Self-Media News System

Kile Self-Media News Management System is a news management system based on TP5.1 development. An unauthorized access vulnerability exists in the free version of Kile Self-Media News System. An attacker can exploit the vulnerability to perform unauthorized operations, such as randomly deleting or...

CVE-2011-3642

Cross-site scripting XSS vulnerability in Flowplayer Flash 3.2.7 through 3.2.16, as used in the News system news extension for TYPO3 and Mahara, allows remote attackers to inject arbitrary web script or HTML via the plugin configuration directive in a reference to an external domain plugin...