CVEDB API

Vulnerabilities

Vulnerable Software

Typo3: >> Typo3 Security Vulnerabilities

CVE-2009-4855

SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there is no such vulnerability... The showUid parameter is generally used in third-party TYPO3 extensions - not in TYPO3 Core.

CVSS Score

7.5

EPSS Score

0.004

Published

2010-05-11

CVE-2009-4802

SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.004

Published

2010-04-23

CVE-2009-4803

SQL injection vulnerability in the Accessibility Glossary (a21glossary) extension 0.4.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.004

Published

2010-04-23

CVE-2009-4804

Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) extension before 1.1.1 for TYPO3, when Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via "search parameters."

CVSS Score

4.3

EPSS Score

0.003

Published

2010-04-23

CVE-2010-1153

PHP remote file inclusion vulnerability in the autoloader in TYPO3 4.3.x before 4.3.3 allows remote attackers to execute arbitrary PHP code via a URL in an input field associated with the className variable.

CVSS Score

6.8

EPSS Score

0.006

Published

2010-04-20

CVE-2010-1218

Cross-site scripting (XSS) vulnerability in the mm_forum extension 1.8.2 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.003

Published

2010-03-30

CVE-2009-4740

Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors.

CVSS Score

7.5

EPSS Score

0.001

Published

2010-03-26

CVE-2010-1024

SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.004

Published

2010-03-19

CVE-2010-1025

Cross-site scripting (XSS) vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS Score

4.3

EPSS Score

0.003

Published

2010-03-19

CVE-2010-1026

SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS Score

7.5

EPSS Score

0.004

Published

2010-03-19

Prev Next

Page 26

Vulnerabilities

Vulnerable Software

Typo3: >> Typo3 Security Vulnerabilities

Products

Pricing

Contact Us