Vulnerabilities > Typo3 > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2008-07-07 | CVE-2008-3038 | SQL Injection vulnerability in Typo3 Address Directory | SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2008-05-28 | CVE-2008-2489 | SQL Injection vulnerability in Typo3 SG Zfelib | SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input." | 7.5 |
2008-05-16 | CVE-2008-2275 | Code Injection vulnerability in Typo3 SR Feuser Register Extension | Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors. | 7.5 |
2007-02-22 | CVE-2007-1081 | Unspecified vulnerability in Typo3 | The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. | 7.5 |
2006-12-21 | CVE-2006-6690 | Remote Command Execution vulnerability in Typo3 Class.TX_RTEHTMLArea_PI1.PHP | rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector. | 7.5 |
2005-12-31 | CVE-2005-4875 | Information Exposure vulnerability in Typo3 0.4.1/1.1/3.7.0 | TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables. | 7.5 |