Vulnerabilities > Typo3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-07-22 | CVE-2009-4949 | SQL Injection vulnerability in Joachim Ruhs Locator SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-07-22 | CVE-2009-4948 | Cross-Site Scripting vulnerability in Joachim Ruhs Locator Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-06-02 | CVE-2010-2131 | SQL Injection vulnerability in Mario Matzulla CAL SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. | 7.5 |
2010-04-23 | CVE-2009-4803 | SQL Injection vulnerability in Andreas Schwarzkopf Accessibility Glossary SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-04-23 | CVE-2009-4802 | SQL Injection vulnerability in Joachim Ruhs Flat Manager SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-04-20 | CVE-2010-1153 | Code Injection vulnerability in Typo3 4.3.0/4.3.1/4.3.2 PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable. | 6.8 |
2010-03-30 | CVE-2010-1218 | Cross-Site Scripting vulnerability in MM Forum Mmforum Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2010-03-26 | CVE-2009-4740 | Path Traversal vulnerability in Typo3 WS Ecard 1.0.2 Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors. | 7.5 |
2010-03-19 | CVE-2010-1027 | SQL Injection vulnerability in Dietmar Schffer Travelmate SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2010-03-19 | CVE-2010-1026 | SQL Injection vulnerability in Mathon Nicolas Tmsw Cleandb 2.0.1 SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |