Description
SQL Injection in t3/dce
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-31777
- https://bitbucket.org/ArminVieweg/dce/commits/998a2392f69f2153797c5ace6e8914ca309e70c7
- https://excellium-services.com/cert-xlm-advisory
- https://packagist.org/packages/t3/dce
- https://typo3.org/security/advisory/typo3-ext-sa-2021-005
- http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html
Packages
Name: t3/dce (composer)
Affected versions: >= 2.2.0, < 2.6.2
Fixed version: 2.6.2
Related vulnerabilities
CVSS3: 4.9
nvd
almost 5 years ago
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.