Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
typo3 typo3 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2021-36789
The dated_news (aka Dated News) extension up to and including 5.1.1 for TYPO3 allows SQL Injection.
Dated News Project Dated News
668
VMScore
CVE-2021-38302
The Newsletter extension up to and including 4.0.0 for TYPO3 allows SQL Injection.
Newsletter Project Newsletter
668
VMScore
CVE-2021-21355
TYPO3 is an open source PHP based web content management system. In TYPO3 prior to 8.7.40, 9.5.25, 10.4.14, 11.1.1, due to the lack of ensuring file extensions belong to configured allowed mime-types, attackers can upload arbitrary data with arbitrary file extensions - however, d...
Typo3 Typo3
668
VMScore
CVE-2021-28381
The vhs (aka VHS: Fluid ViewHelpers) extension prior to 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
Vhs Project Vhs
668
VMScore
CVE-2020-15086
In TYPO3 installations with the "mediace" extension from version 7.6.2 and before version 7.6.5, it has been discovered that an internal verification mechanism can be used to generate arbitrary checksums. The allows to inject arbitrary data having a valid cryptographic ...
Typo3 Mediace
1 Github repository
668
VMScore
CVE-2011-3583
It was found that Typo3 Core versions 4.5.0 - 4.5.5 uses prepared statements that, if the parameter values are not properly replaced, could lead to a SQL Injection vulnerability. This issue can only be exploited if two or more parameters are bound to the query and at least two co...
Typo3 Typo3
668
VMScore
CVE-2011-3584
The TYPO3 Core wec_discussion extension prior to 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input.
Guidestar Wec Discussion Forum
668
VMScore
CVE-2011-4628
TYPO3 prior to 4.3.12, 4.4.x prior to 4.4.9, and 4.5.x prior to 4.5.4 allows remote malicious users to bypass authentication mechanisms in the backend through a crafted request.
Typo3 Typo3
668
VMScore
CVE-2019-16682
The url_redirect (aka URL redirect) extension up to and including 1.2.1 for TYPO3 fails to properly sanitize user input and is susceptible to SQL Injection.
Url Redirect Project Url Redirect
668
VMScore
CVE-2019-16699
The sr_freecap (aka freeCap CAPTCHA) extension 2.4.5 and below and 2.5.2 and below for TYPO3 fails to sanitize user input, which allows execution of arbitrary Extbase actions, resulting in Remote Code Execution.
Sr Freecap Project Sr Freecap
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »