| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown vectors. |
| SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Unspecified vulnerability in the Webservices for TYPO3 (typo3_webservice) extension before 0.3.8 for TYPO3 allows remote authenticated users to execute arbitrary code via unknown vectors. |
| Cross-site scripting (XSS) vulnerability in the Yet another Google search (ya_googlesearch) extension before 0.3.10 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Cross-site scripting (XSS) vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unspecified vectors related to improper "protection" of the "backup output directory." |
| Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell (terminal) extension 0.3.2 and earlier for TYPO3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. |
| The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. |
| SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild as of February 2012. |
| Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to the "return url parameter." |
| SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter." |
| PHP remote file inclusion vulnerability in Classes/Controller/AbstractController.php in the workspaces system extension in TYPO3 4.5.x before 4.5.9, 4.6.x before 4.6.2, and development versions of 4.7 allows remote attackers to execute arbitrary PHP code via a URL in the BACK_PATH parameter. |
