SQL Injection Affecting typo3/cms package, versions >=6.2.0, <6.2.18
- Snyk ID SNYK-PHP-TYPO3CMS-7204691
- published 4 Jun 2024
- disclosed 3 Jun 2024
- credit Mohamed Rebai
How to fix?
Upgrade typo3/cms to version 6.2.18 or higher.
Overview
typo3/cms is a free open source Content Management Framework.
Affected versions of this package are vulnerable to SQL Injection through the DatabaseConnection::sql_query process. An attacker can manipulate SQL queries and access or alter database contents by injecting SQL code, even if the input data has been escaped using DatabaseConnection::quoteStr.
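To check whether a project pins a version inside the affected range (>=6.2.0, <6.2.18), the script below audits the content of a composer.lock file. It is an added example, not part of the advisory or of TYPO3; the function names and the sample lock content are constructed for illustration, and versions that cannot be ordered (branch aliases, pre-releases) are reported as "unknown" for manual review.

```python
import json
import re

PACKAGE = "typo3/cms"
FIRST_AFFECTED = (6, 2, 0)   # advisory range: >=6.2.0
FIRST_FIXED = (6, 2, 18)     # advisory range: <6.2.18

def parse_version(raw):
    """Return (major, minor, patch) for a plain release such as '6.2.17' or
    'v6.2.17'; return None for anything else ('6.2.x-dev', 'dev-master',
    pre-release suffixes), which cannot be ordered reliably here."""
    match = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    return tuple(int(part) for part in match.groups()) if match else None

def classify(raw):
    """Return 'affected', 'not-affected' or 'unknown' for a version string."""
    version = parse_version(raw)
    if version is None:
        return "unknown"
    if FIRST_AFFECTED <= version < FIRST_FIXED:
        return "affected"
    return "not-affected"

def audit_lock(lock_text):
    """Scan composer.lock content; return [(section, version, verdict)]."""
    lock = json.loads(lock_text)
    findings = []
    # Dev dependencies are checked too: they are installed on build hosts.
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                raw = pkg.get("version", "")
                findings.append((section, raw, classify(raw)))
    return findings

# Constructed sample lock content, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "typo3/cms", "version": "6.2.17"},
        {"name": "symfony/console", "version": "v2.8.2"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for section, raw, verdict in audit_lock(SAMPLE_LOCK):
        print(f"{PACKAGE} {raw} ({section}): {verdict}")
```
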