CVE-2021-31777

Опубликовано: 28 апр. 2021

Источник: nvd

CVSS3: 4.9

CVSS2: 4

EPSS Низкий

Описание

The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.

Ссылки

http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html
Exploit
Third Party Advisory
https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31777
https://excellium-services.com/cert-xlm-advisory/
Not Applicable
https://typo3.org/security/advisory/typo3-ext-sa-2021-005
Patch
Third Party Advisory
http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html
Exploit
Third Party Advisory
https://excellium-services.com/cert-xlm-advisory/
Not Applicable
https://typo3.org/security/advisory/typo3-ext-sa-2021-005
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*

Версия от 2.2.0 (включая) до 2.6.2 (исключая)

cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*

Версия от 2.7.0 (включая) до 2.7.1 (исключая)

EPSS

Процентиль: 52%

0.00287

Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-5v5h-4w2g-gxxc

CVSS3: 7.6

github

больше 4 лет назад

SQL Injection in t3/dce