← Voltar para CVEs
CVE-2017-7581
N/ADescricao
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
Detalhes CVE
Pontuacao CVSS v3.1N/A
Publicado4/7/2017
Ultima modificacao4/20/2025
Fontenvd
Avistamentos honeypot0
Produtos afetados
news_system_project:news_system
Fraquezas (CWE)
CWE-89
Referencias
https://www.ambionics.io/blog/typo3-news-module-sqli(cve@mitre.org)
https://www.ambionics.io/blog/typo3-news-module-sqli(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.