SQL injection vulnerability in the indexed_search system extension in TYPO3 3.x, 4.0 through 4.0.7, and 4.1 through 4.1.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
Max CVSS
6.5
EPSS Score
0.19%
Published
2007-12-15
Updated
2017-08-08
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.
Max CVSS
7.5
EPSS Score
0.55%
Published
2007-02-22
Updated
2017-07-29
2 vulnerabilities found