Vulnerabilities > Typo3 > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2009-02-27 | CVE-2008-6338 | SQL Injection vulnerability in Weber-Ebusiness WES Facilities 2.0 | SQL injection vulnerability in the WEBERkommunal Facilities (wes_facilities) extension 2.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-02-16 | CVE-2008-6145 | SQL Injection vulnerability in Typo3 WEC Discussion Forum | Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2009-01-22 | CVE-2009-0256 | Improper Authentication vulnerability in Typo3 | Session fixation vulnerability in the authentication library in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to hijack web sessions via unspecified vectors related to (1) frontend and (2) backend authentication. | 7.5 |
2009-01-22 | CVE-2009-0255 | Use of Insufficiently Random Values vulnerability in multiple products | The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. | 7.5 |
2008-12-31 | CVE-2008-5800 | SQL Injection vulnerability in Typo3 Fsmi People and WIR BER UNS Extension | SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) extension 0.0.24 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-12-31 | CVE-2008-5798 | SQL Injection vulnerability in Typo3 CMS Poll System Extension | SQL injection vulnerability in the CMS Poll system (cms_poll) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-12-31 | CVE-2008-5797 | SQL Injection vulnerability in Typo3 Advcalendar Extension | SQL injection vulnerability in the advCalendar extension 0.3.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-12-31 | CVE-2008-5796 | SQL Injection vulnerability in Typo3 Eluna Page Comments Extension | SQL injection vulnerability in the eluna Page Comments (eluna_pagecomments) extension 1.1.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-12-17 | CVE-2008-5609 | SQL Injection vulnerability in Typo3 Commerce Extension | SQL injection vulnerability in the Commerce extension 0.9.6 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-11-14 | CVE-2008-5087 | SQL Injection vulnerability in Typo3 Another Backend Login 0.0.1/0.0.2 | SQL injection vulnerability in TYPO3 Another Backend Login (wrg_anotherbelogin) extension before 0.0.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |