SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://www.ambionics.io/blog/typo3-news-module-sqli |
![]() ![]() |
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-05T16:04:11.913Z
Reserved: 2017-04-07T00:00:00
Link: CVE-2017-7581

No data.

Status : Modified
Published: 2017-04-07T19:59:00.200
Modified: 2024-11-21T03:32:12.593
Link: CVE-2017-7581

No data.