Vulnerabilities > Typo3 > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2011-10-09 | CVE-2010-4957 | SQL Injection vulnerability in Nadine Schwingler KE Questionnaire 1.2.1/2.0.0 SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2011-10-09 | CVE-2010-4952 | SQL Injection vulnerability in Joachim Ruhs Festat 0.1.6/0.1.8/0.1.9 SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2011-10-09 | CVE-2010-4950 | SQL Injection vulnerability in Joachim Ruhs Event SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2011-10-07 | CVE-2010-4891 | SQL Injection vulnerability in Andreas Kiefer KE YAC SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2011-10-07 | CVE-2010-4888 | SQL Injection vulnerability in Marco Hezel HM Tinymarket SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2011-10-07 | CVE-2010-4887 | SQL Injection vulnerability in Raphael Zschorsch Commentsbe SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
| 2011-10-04 | CVE-2011-3980 | Unspecified vulnerability in Jerome Schneider Ameos Dragndropupload 2.0.0/2.0.1 Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. | 7.5 |
| 2011-04-19 | CVE-2011-1722 | SQL Injection vulnerability in Webempoweredchurch WEC Discussion Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011. | 7.5 |
| 2010-10-25 | CVE-2010-3714 | Permissions, Privileges, and Access Controls vulnerability in Typo3 The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors. | 7.1 |
| 2010-09-24 | CVE-2010-3604 | SQL Injection vulnerability in Alex Kellner Powermail SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |