Multiple SQL Injection Flaws in WEC Discussion Forum for TYPO3
CVE-2008-6145

Currently unrated

Key Information:

Vendor: Typo3
Status: Wec Discussion Forum
Vendor: CVE Published:; 16 February 2009

What is CVE-2008-6145?

The WEC Discussion Forum extension for TYPO3 contains multiple SQL injection vulnerabilities that can be exploited by remote attackers. By leveraging unspecified vectors, these flaws allow the execution of arbitrary SQL commands within the database, potentially compromising sensitive information and the integrity of the system. It is crucial for administrators using affected versions to apply updates and mitigate the risks associated with these vulnerabilities.

References

http://secunia.com/advisories/33254

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/3502

vdb-entryx_refsource_VUPEN

http://typo3.org/teams/security/security-bulletins/typo3-...

x_refsource_CONFIRM

Timeline

Vulnerability published
Feb 16, 2009
Vulnerability Reserved
Feb 16, 2009

Typo3

What is CVE-2008-6145?

References

Timeline