Vulnerabilities > Typo3 > High

DATE CVE VULNERABILITY TITLE RISK
2008-07-07 CVE-2008-3038 SQL Injection vulnerability in Typo3 Address Directory
SQL injection vulnerability in the Address Directory (sp_directory) extension 0.2.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
2008-05-28 CVE-2008-2489 SQL Injection vulnerability in Typo3 SG Zfelib
SQL injection vulnerability in the Library for Frontend Plugins (aka sg_zfelib) extension 1.1.512 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified "user input."
network
low complexity
typo3 CWE-89
7.5
2008-05-16 CVE-2008-2275 Code Injection vulnerability in Typo3 SR Feuser Register Extension
Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to 2.2.7, 2.3.0 to 2.3.6, 2.4.0, and 2.5.0 to 2.5.9 extension for TYPO3 allows remote attackers to execute arbitrary code and delete arbitrary files via unspecified attack vectors.
network
low complexity
typo3 CWE-94
7.5
2007-02-22 CVE-2007-1081 Unspecified vulnerability in Typo3
The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors.
network
low complexity
typo3
7.5
2006-12-21 CVE-2006-6690 Remote Command Execution vulnerability in Typo3 Class.TX_RTEHTMLArea_PI1.PHP
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
network
low complexity
typo3
7.5
2005-12-31 CVE-2005-4875 Information Exposure vulnerability in Typo3 0.4.1/1.1/3.7.0
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.
network
low complexity
typo3 CWE-200
7.5