Vulnerabilities > Typo3 > High

DATE CVE VULNERABILITY TITLE RISK
2013-08-16 CVE-2013-5306 SQL Injection vulnerability in Die-Netzmacher Browser 4.5.0/4.5.2
SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
die-netzmacher typo3 CWE-89
7.5
2013-08-16 CVE-2013-5304 SQL Injection vulnerability in Joachim Ruhs Locator
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
joachim-ruhs typo3 CWE-89
7.5
2013-08-16 CVE-2013-5302 SQL Injection vulnerability in Kennziffer KE Search
SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
kennziffer typo3 CWE-89
7.5
2013-07-20 CVE-2013-4870 SQL Injection vulnerability in News Search Project News Search 0.1.0
SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
news-search-project typo3 CWE-89
7.5
2013-07-01 CVE-2013-4748 SQL Injection vulnerability in Georg Ringer News
SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
georg-ringer typo3 CWE-89
7.5
2013-07-01 CVE-2013-4745 SQL Injection vulnerability in Kurt Gusbeth Myquizpoll
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
kurt-gusbeth typo3 CWE-89
7.5
2013-06-27 CVE-2013-4721 SQL Injection vulnerability in 3DS Push2Rss 3DS
SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
3ds typo3 CWE-89
7.5
2013-06-27 CVE-2013-4720 SQL Injection vulnerability in Webempoweredchurch WEC Discussion
SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
webempoweredchurch typo3 CWE-89
7.5
2013-06-27 CVE-2013-4719 SQL Injection vulnerability in Lina Wolf SEO Pack for TT News 1.0.0/1.3.0/1.3.1
SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
lina-wolf typo3 CWE-89
7.5
2013-06-25 CVE-2013-4683 SQL Injection vulnerability in Christophe Balisky Meta Feedit
SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
christophe-balisky typo3 CWE-89
7.5