Vulnerabilities > Typo3 > High

DATE CVE VULNERABILITY TITLE RISK
2010-03-19 CVE-2010-1022 Improper Authentication vulnerability in Marcus Krause T3Sec Saltedpw
The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors.
network
low complexity
marcus-krause typo3 CWE-287
7.5
7.5
2010-03-19 CVE-2010-1019 SQL Injection vulnerability in Sk-Typo3 SK Simplegallery 0.0.1
SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
sk-typo3 typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1018 SQL Injection vulnerability in Jochen RAU SK Bookreview
SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
jochen-rau typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1017 SQL Injection vulnerability in Laurent Foulloy SAV Filter Months
SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
laurent-foulloy typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1016 SQL Injection vulnerability in Laurent Foulloy SAV Filter Selectors 1.0.1/1.0.2/1.0.3
SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
laurent-foulloy typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1015 SQL Injection vulnerability in Laurent Foulloy SAV Filter ABC
SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
laurent-foulloy typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1013 SQL Injection vulnerability in Fr.Simon Rundell PD Diocesedatabase
SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
fr-simon-rundell typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1012 SQL Injection vulnerability in Mathias Schreiber NF Cleandb
SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
mathias-schreiber typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1010 SQL Injection vulnerability in Matthias Kall MK Wastebasket
SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
matthias-kall typo3 CWE-89
7.5
7.5
2010-03-19 CVE-2010-1009 SQL Injection vulnerability in Joachim-Ruhs Educator 0.1.5
SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
joachim-ruhs typo3 CWE-89
7.5
7.5