Shodan
Vulnerabilities
Vulnerable Software
Typo3:  >> Typo3  >> 4.1.6  Security Vulnerabilities
CVE-2011-1722
Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.
CVSS Score
7.5
EPSS Score
0.007
Published
2011-04-19
CVE-2010-3687
Unspecified vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to bypass validation have an unspecified impact by "[injecting] arbitrary values into validated fields," as demonstrated using the (1) Email and (2) URL fields.
CVSS Score
5.0
EPSS Score
0.002
Published
2010-09-29
CVE-2010-3604
SQL injection vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-09-24
CVE-2010-3605
Cross-site scripting (XSS) vulnerability in the powermail extension 1.5.3 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
4.3
EPSS Score
0.003
Published
2010-09-24
CVE-2009-4963
Cross-site scripting (XSS) vulnerability in the Commerce extension before 0.9.9 for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score
3.5
EPSS Score
0.002
Published
2010-07-28
CVE-2009-4965
SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-07-28
CVE-2009-4966
SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-07-28
CVE-2009-4967
SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-07-28
CVE-2009-4968
SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-07-28
CVE-2009-4969
SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS Score
7.5
EPSS Score
0.004
Published
2010-07-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved