Vulnerabilities > Typo3 > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-06-25 | CVE-2013-4682 | SQL Injection vulnerability in BAS VAN Beek Multishop SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-06-25 | CVE-2013-4681 | SQL Injection vulnerability in Michael Staatz Sofortueberweisung2Commerce 2.0.0 SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-06-20 | CVE-2013-4634 | SQL Injection vulnerability in Raphael Zschorsch Rzautocomplete SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2013-03-20 | CVE-2013-1842 | SQL Injection vulnerability in Typo3 SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values." | 7.5 |
2012-02-14 | CVE-2012-1077 | SQL Injection vulnerability in Manfred Egger BC Post2Facebook 0.2.0 SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-02-14 | CVE-2012-1075 | SQL Injection vulnerability in Robert Gonda RTG Files SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-02-14 | CVE-2012-1074 | SQL Injection vulnerability in Typo3 MM Whtppr SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-02-14 | CVE-2012-1072 | SQL Injection vulnerability in Typo3 TOI Category SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2012-02-14 | CVE-2012-1071 | SQL Injection vulnerability in Mathieu Vidal MV Cooking 0.1.0/0.3.0/0.4.0 SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012. | 7.5 |
2011-10-09 | CVE-2010-4962 | SQL Injection and Remote Command Execution vulnerability in Webkit PDFs For TYPO3 Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors. | 7.5 |