2 matches found
CVE-2021-31777
The TYPO3 Dynamic Content Element (dce) extension vulnerabilities (versions 2.2.0–2.6.x before 2.6.2 and 2.7.x before 2.7.1) allow an SQL Injection via a backend user account. This is confirmed across multiple sources (CVE-2021-31777). A sample exploit exists in public write-ups (e.g., packetstor...
CVE-2014-8328
The CVE-2014-8328 issue affects the TYPO3 Dynamic Content Elements (dce) extension prior to version 0.11.5. The vulnerability arises from the extension’s update check functionality, which could disclose sensitive installation environment information to remote attackers. The in-scope detail confir...