SQL Injection Vulnerability in TYPO3 Core wec_discussion Extension
CVE-2011-3584

9.8CRITICAL

Key Information:

Vendor

TYPO3 Core

Status
wec_discussion
Vendor
CVE Published:
26 November 2019

What is CVE-2011-3584?

The wec_discussion extension for TYPO3 Core prior to version 2.1.1 is susceptible to SQL Injection attacks caused by inadequate sanitation of user-supplied input. This vulnerability allows attackers to manipulate queries and gain unauthorized access to backend databases, potentially exposing sensitive information and compromising the integrity of the application.

Affected Version(s)

wec_discussion before 2.1.1

References

https://security-tracker.debian.org/tracker/CVE-2011-3584
x_refsource_MISC
https://access.redhat.com/security/cve/cve-2011-3584
x_refsource_MISC
https://typo3.org/security/advisory/typo3-sa-2011-003/
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.