<p>Upgrade <code>typo3/cms</code> to version 6.2.18 or higher.</p>

=6.2.0, <6.2.18

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-PHP-TYPO3CMS-7204691
published 4 Jun 2024
disclosed 3 Jun 2024
credit Mohamed Rebai

Report a new vulnerability Found a mistake?

Introduced: 3 Jun 2024

New CWE-89 Open this link in a new tab

How to fix?

Upgrade typo3/cms to version 6.2.18 or higher.

Overview

typo3/cms is a free open source Content Management Framework.

Affected versions of this package are vulnerable to SQL Injection through the DatabaseConnection::sql_query process. An attacker can manipulate SQL queries and access or alter database contents by injecting SQL code even if the input data has been escaped using DatabaseConnection::quoteStr.

References

CVSS Scores

version 3.1

Attack Vector (AV)

Network
Attack Complexity (AC)

Low
Privileges Required (PR)

None
User Interaction (UI)

None

Scope (S)

Unchanged

Confidentiality (C)

High
Integrity (I)

High
Availability (A)

High

SQL Injection Affecting typo3/cms package, versions >=6.2.0, <6.2.18

Severity

CVSS assessment made by Snyk's Security Team

Introduced: 3 Jun 2024

How to fix?

Overview

References

CVSS Scores

Snyk