Vulnerabilities > Typo3 > High

DATE CVE VULNERABILITY TITLE RISK
2013-06-25 CVE-2013-4682 SQL Injection vulnerability in BAS VAN Beek Multishop
SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
bas-van-beek typo3 CWE-89
7.5
2013-06-25 CVE-2013-4681 SQL Injection vulnerability in Michael Staatz Sofortueberweisung2Commerce 2.0.0
SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
michael-staatz typo3 CWE-89
7.5
2013-06-20 CVE-2013-4634 SQL Injection vulnerability in Raphael Zschorsch Rzautocomplete
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
raphael-zschorsch typo3 CWE-89
7.5
2013-03-20 CVE-2013-1842 SQL Injection vulnerability in Typo3
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, related to "the Query Object Model and relation values."
network
low complexity
typo3 CWE-89
7.5
2012-02-14 CVE-2012-1077 SQL Injection vulnerability in Manfred Egger BC Post2Facebook 0.2.0
SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
manfred-egger typo3 CWE-89
7.5
2012-02-14 CVE-2012-1075 SQL Injection vulnerability in Robert Gonda RTG Files
SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
robert-gonda typo3 CWE-89
7.5
2012-02-14 CVE-2012-1074 SQL Injection vulnerability in Typo3 MM Whtppr
SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
2012-02-14 CVE-2012-1072 SQL Injection vulnerability in Typo3 TOI Category
SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
2012-02-14 CVE-2012-1071 SQL Injection vulnerability in Mathieu Vidal MV Cooking 0.1.0/0.3.0/0.4.0
SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012.
network
low complexity
mathieu-vidal typo3 CWE-89
7.5
2011-10-09 CVE-2010-4962 SQL Injection and Remote Command Execution vulnerability in Webkit PDFs For TYPO3
Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors.
network
low complexity
dev-team-typoheads typo3
7.5