Lucene search
K

7 matches found

Friends Of PHP
Friends Of PHP
added 2026/05/18 3:13 p.m.11 views

TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)

More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-012...

8.2CVSS5.8AI score0.00327EPSS
Exploits0Affected Software1
Snyk
Snyk
added 2026/03/17 10:49 a.m.4 views

Authorization Bypass Through User-Controlled Key

Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to improper resetting of the generated MFA code after successful authentication. An attacker can gain unauthorized access by submitting an empty string as the MFA code in subsequent...

8.8CVSS5.9AI score0.00256EPSS
Exploits0References2
Snyk
Snyk
added 2025/05/21 6:33 p.m.4 views

Command Injection

Overview nitsan/ns-backup is an extension for TYPO3 that lets you save your code, files, and database with just a few clicks. Install Backup Plus and connect it to your cloud storage like Google Drive, Dropbox, Amazon S3, SFTP, Rsync, etc.. Affected versions of this package are vulnerable to...

8.5CVSS7.8AI score0.01462EPSS
Exploits0References2
Snyk
Snyk
added 2025/01/14 3:40 p.m.5 views

Cross-site Request Forgery (CSRF)

Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the backend user interface functionality involving deep links. An attacker can manipulate the session and perform unauthorized actions. Note: This is only exploitable if the...

8.8CVSS7AI score0.00352EPSS
Exploits0References2
Snyk
Snyk
added 2022/05/17 4:31 a.m.3 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the file upload functionality. An attacker can execute arbitrary code by uploading a file with a crafted extension and then accessing it through unspecified vectors. Remediation Upgrade in2code/powermail to...

9.8CVSS8.2AI score0.02326EPSS
Exploits0References2
Snyk
Snyk
added 2022/05/17 4:31 a.m.4 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication via unspecified vectors which allows an attacker to bypass the CAPTCHA protection mechanism. Remediation Upgrade in2code/powermail to version 2.0.11 or higher. References - Typo3 Advisory Credit: Jigal van Hemert...

8.7CVSS7AI score0.01912EPSS
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2015/07/01 2:20 p.m.28 views

Cross-Site Scripting in 3rd party library Flowplayer

More info at https://typo3.org/security/advisory/typo3-core-sa-2015-007...

4.3CVSS7.2AI score0.02405EPSS
Exploits0Affected Software1
Rows per page
Query Builder