CVE-2021-31777
The TYPO3 Dynamic Content Element (dce) extension vulnerabilities (versions 2.2.0–2.6.x before 2.6.2 and 2.7.x before 2.7.1) allow an SQL Injection via a backend user account. This is confirmed across multiple sources (CVE-2021-31777). A sample exploit exists in public write-ups (e.g., packetstor...