Typo3 : Security Vulnerabilities, CVEs, Published In 2019 (Sql injection) CVSS score >= 7

CVE-2019-19850

An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL injection. Exploitation requires having the system extension ext:lowlevel installed, and a valid backend user who has administrator privileges.
Max CVSS
7.2
EPSS Score
0.09%
Published
2019-12-17
Updated
2019-12-20

CVE-2011-3583

It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two come from user input.
Max CVSS
9.8
EPSS Score
0.25%
Published
2019-11-26
Updated
2019-12-05

CVE-2010-3662

TYPO3 before 4.1.14, 4.2.x before 4.2.13, 4.3.x before 4.3.4 and 4.4.x before 4.4.1 allows SQL Injection on the backend.
Max CVSS
8.8
EPSS Score
0.16%
Published
2019-11-04
Updated
2019-11-05
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close