Vulnerabilities > Typo3 > High

DATE CVE VULNERABILITY TITLE RISK
2010-03-19 CVE-2010-1006 SQL Injection vulnerability in Typo3 Brainstorming
SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
2010-03-19 CVE-2010-1004 SQL Injection vulnerability in Mischa Heimann Yatse
SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
mischa-heimann typo3 CWE-89
7.5
2010-03-15 CVE-2009-4711 SQL Injection vulnerability in JAN Bednarik Cooluri
SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2008-6686.
network
low complexity
jan-bednarik typo3 CWE-89
7.5
2010-03-15 CVE-2009-4710 SQL Injection vulnerability in Robert Heel CWT Resetbepassword
SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
robert-heel typo3 CWE-89
7.5
2010-03-15 CVE-2009-4709 SQL Injection vulnerability in Dirk Maiwert Datamints Newsticker
SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
dirk-maiwert typo3 CWE-89
7.5
2010-03-15 CVE-2009-4708 SQL Injection vulnerability in Maximo Cuadros GB Fenewssubmit
SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
maximo-cuadros typo3 CWE-89
7.5
2010-03-15 CVE-2009-4703 SQL Injection vulnerability in Typo3 WS Gallery
SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
typo3 CWE-89
7.5
2010-03-15 CVE-2009-4702 SQL Injection vulnerability in Markus Barchfeld PM Tour
SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
markus-barchfeld typo3 CWE-89
7.5
2010-03-15 CVE-2009-4701 SQL Injection vulnerability in Liviu Mitrofan Myth Download 0.1.0
SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
liviu-mitrofan typo3 CWE-89
7.5
2010-03-02 CVE-2010-0798 SQL Injection vulnerability in Snowflake T3Blog 0.5.0/0.6.0/0.6.1
SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
network
low complexity
snowflake typo3 CWE-89
7.5