typo3 typo3 vulnerabilities and exploits
7.5
CVSSv2
CVE-2022-29601
The seminars (aka Seminar Manager) extension up to and including 4.1.3 for TYPO3 allows SQL Injection.
Oliverklee Seminars
7.5
CVSSv2
CVE-2021-38302
The Newsletter extension up to and including 4.0.0 for TYPO3 allows SQL Injection.
Newsletter Project Newsletter
7.5
CVSSv2
CVE-2021-36789
The dated_news (aka Dated News) extension up to and including 5.1.1 for TYPO3 allows SQL Injection.
Dated News Project Dated News
7.5
CVSSv2
CVE-2021-21355
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, d...
Typo3 Typo3
7.5
CVSSv2
CVE-2021-28381
The vhs (aka VHS: Fluid ViewHelpers) extension prior to 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
Vhs Project Vhs
7.5
CVSSv2
CVE-2020-15086
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. This allows injecting arbitrary data having a valid cryptographic ...
Typo3 Mediace
1 Github repository
7.5
CVSSv2
CVE-2011-3584
The TYPO3 Core wec_discussion extension prior to 2.1.1 is vulnerable to SQL Injection due to improper sanitization of user-supplied input.
Guidestar Wec Discussion Forum
7.5
CVSSv2
CVE-2011-3583
It was found that TYPO3 Core versions 4.5.0 - 4.5.5 use prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two co...
Typo3 Typo3
7.5
CVSSv2
CVE-2011-4628
TYPO3 prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4 allows remote malicious users to bypass authentication mechanisms in the backend through a crafted request.
Typo3 Typo3
7.5
CVSSv2
CVE-2019-16682
The url_redirect (aka URL redirect) extension up to and including 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection.
Url Redirect Project Url Redirect