Описание
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
Ссылки
- ExploitPatchTechnical DescriptionThird Party Advisory
- ExploitPatchTechnical DescriptionThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.3.2 (включая)
cpe:2.3:a:news_system_project:news_system:*:*:*:*:*:typo3:*:*
EPSS
Процентиль: 98%
0.64506
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
EPSS
Процентиль: 98%
0.64506
Средний
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-89