Vulnerability Details CVE-2021-31777
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.8%
CVSS Severity
CVSS v3 Score 4.9
CVSS v2 Score 4.0
References
- http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31777
- https://excellium-services.com/cert-xlm-advisory/
- https://typo3.org/security/advisory/typo3-ext-sa-2021-005
- http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html
- https://excellium-services.com/cert-xlm-advisory/
- https://typo3.org/security/advisory/typo3-ext-sa-2021-005
Products affected by CVE-2021-31777
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.2.0
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.2.1
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.3.0
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.3.1
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.4.0
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.4.1
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.5.0
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.5.1
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.5.2
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.6.0
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.6.1
-
cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:2.7.0