Vulnerabilities > Typo3 > High

DATE CVE VULNERABILITY TITLE RISK
2010-07-22 CVE-2009-4950 SQL Injection vulnerability in TIM Lochmueller & Thomas Buss A21Glossary Advanced Output
SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
tim-lochmueller-thomas-buss typo3 CWE-89
7.5
7.5
2010-07-22 CVE-2009-4949 SQL Injection vulnerability in Joachim Ruhs Locator
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
joachim-ruhs typo3 CWE-89
7.5
7.5
2010-06-02 CVE-2010-2131 SQL Injection vulnerability in Mario Matzulla CAL
SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data.
network
low complexity
mario-matzulla typo3 CWE-89
7.5
7.5
2010-04-23 CVE-2009-4803 SQL Injection vulnerability in Andreas Schwarzkopf Accessibility Glossary
SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
andreas-schwarzkopf typo3 CWE-89
7.5
7.5
2010-04-23 CVE-2009-4802 SQL Injection vulnerability in Joachim Ruhs Flat Manager
SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
joachim-ruhs typo3 CWE-89
7.5
7.5
2010-03-26 CVE-2009-4740 Path Traversal vulnerability in Typo3 WS Ecard 1.0.2
Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors.
network
low complexity
typo3 CWE-22
7.5
7.5
2010-03-19 CVE-2010-1027 SQL Injection vulnerability in Dietmar Schffer Travelmate
SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
dietmar-schffer typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1026 SQL Injection vulnerability in Mathon Nicolas Tmsw Cleandb 2.0.1
SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
mathon-nicolas typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1024 SQL Injection vulnerability in Chris Wederka TGM Newsletter 0.0.2
SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
chris-wederka typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1022 Improper Authentication vulnerability in Marcus Krause T3Sec Saltedpw
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
network
low complexity
marcus-krause typo3 CWE-287
7.5
7.5