| CVE-2026-6553 | high | 7.5 | 7.5 | | | typo3 | 1mo ago | TYPO3 CMS Stores Cleartext Password in User Settings Module |
| CVE-2017-14251 | high | 8.8 | 8.8 | | | typo3 | 9y ago | TYPO3 Arbitrary Code Execution |
| CVE-2016-5091 | high | 8.1 | 8.1 | | | typo3 | 10y ago | Extbase for TYPO3 allows RCE |
| CVE-2014-9509 | high | — | 7.5 | | | typo3 | 12y ago | Typo3 Vulnerable to Cache Poisoning |
| CVE-2013-5569 | high | — | 7.5 | | | heiko_sudar typo3 | 13y ago | SQL injection vulnerability in the Slideshare extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-5322 | high | — | 7.5 | | | jan_bednarik typo3 | 13y ago | CoolURI extension for TYPO3 vulnerable to SQL Injection |
| CVE-2013-5310 | high | — | 7.5 | | | mauro_lorenzutti typo3 | 13y ago | SQL injection vulnerability in the DB Integration (wfqbe) extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-5306 | high | — | 7.5 | | | die-netzmacher typo3 | 13y ago | SQL injection vulnerability in the Browser - TYPO3 without PHP (browser) extension before 4.5.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-5304 | high | — | 7.5 | | | joachim_ruhs typo3 | 13y ago | SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-5302 | high | — | 7.5 | | | kennziffer typo3 | 13y ago | SQL injection vulnerability in the Faceted Search (ke_search) extension before 1.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-4870 | high | — | 7.5 | | | news_search_project typo3 | 13y ago | SQL injection vulnerability in the News Search (news_search) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-4748 | high | — | 7.5 | | | georg_ringer typo3 | 13y ago | News system (news) extension for TYPO3 vulnerable to SQL Injection |
| CVE-2013-4745 | high | — | 7.5 | | | kurt_gusbeth typo3 | 13y ago | SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-4721 | high | — | 7.5 | | | 3ds typo3 | 13y ago | SQL injection vulnerability in the RSS feed from records extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-4720 | high | — | 7.5 | | | webempoweredchurch typo3 | 13y ago | SQL injection vulnerability in the WEC Discussion Forum extension before 2.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-4719 | high | — | 7.5 | | | lina_wolf typo3 | 13y ago | SQL injection vulnerability in the SEO Pack for tt_news extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-4683 | high | — | 7.5 | | | christophe_balisky typo3 | 13y ago | SQL injection vulnerability in the meta_feedit extension 0.1.10 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-4682 | high | — | 7.5 | | | bas_van_beek typo3 | 13y ago | Multishop extension for TYPO3 has SQL Injection vulnerability |
| CVE-2013-4681 | high | — | 7.5 | | | michael_staatz typo3 | 13y ago | SQL injection vulnerability in the sofortueberweisung2commerce extension before 2.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2013-4634 | high | — | 7.5 | | | raphael_zschorsch typo3 | 13y ago | SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified v… |
| CVE-2013-1842 | high | — | 7.5 | | | typo3 | 13y ago | TYPO3 SQL injection vulnerability in the Extbase Framework |
| CVE-2012-1077 | high | — | 7.5 | | | manfred_egger typo3 | 15y ago | SQL injection vulnerability in the Post data records to facebook (bc_post2facebook) extension before 0.2.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1075 | high | — | 7.5 | | | robert_gonda typo3 | 15y ago | SQL injection vulnerability in the Documents download (rtg_files) extension before 1.5.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1074 | high | — | 7.5 | | | typo3 | 15y ago | SQL injection vulnerability in the White Papers (mm_whtppr) extension 0.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1072 | high | — | 7.5 | | | typo3 | 15y ago | SQL injection vulnerability in the Category-System (toi_category) extension 0.6.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2012-1071 | high | — | 7.5 | | | mathieu_vidal typo3 | 15y ago | SQL injection vulnerability in the Kitchen recipe (mv_cooking) extension before 0.4.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the … |
| CVE-2010-4962 | high | — | 7.5 | | | dev-team_typoheads typo3 | 15y ago | Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands |
| CVE-2010-4961 | high | — | 7.5 | | | dev-team_typoheads typo3 | 15y ago | Webkit PDFs for TYPO3 has SQL Injection vulnerability |
| CVE-2010-4957 | high | — | 7.5 | | | nadine_schwingler typo3 | 15y ago | SQL injection vulnerability in the Questionnaire (ke_questionnaire) extension before 2.2.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4952 | high | — | 7.5 | | | joachim_ruhs typo3 | 15y ago | SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4950 | high | — | 7.5 | | | joachim_ruhs typo3 | 15y ago | SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4891 | high | — | 7.5 | | | andreas_kiefer typo3 | 15y ago | SQL injection vulnerability in the Yet Another Calendar (ke_yac) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4888 | high | — | 7.5 | | | marco_hezel typo3 | 15y ago | SQL injection vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-4887 | high | — | 7.5 | | | raphael_zschorsch typo3 | 15y ago | SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vector… |
| CVE-2011-3980 | high | — | 7.5 | | | jerome_schneider typo3 | 15y ago | Unspecified vulnerability in the Drag Drop Mass Upload (ameos_dragndropupload) extension 2.0.2 and earlier for TYPO3 allows remote attackers to upload arbitrary files via unknown vectors. |
| CVE-2011-1722 | high | — | 7.5 | | | webempoweredchurch typo3 | 15y ago | Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors,… |
| CVE-2010-3714 | high | — | 8.1 | EXP | | typo3 | 16y ago | TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism |
| CVE-2010-3604 | high | — | 7.5 | | | alex_kellner typo3 | 16y ago | powermail extension for TYPO3 vulnerable to SQL Injection |
| CVE-2009-4971 | high | — | 7.5 | | | vincent_tietz typo3 | 16y ago | SQL injection vulnerability in the AJAX Chat (vjchat) extension before 0.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4970 | high | — | 7.5 | | | typo3-macher typo3 | 16y ago | SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4969 | high | — | 7.5 | | | typo3 | 16y ago | SQL injection vulnerability in the Solidbase Bannermanagement (SBbanner) extension 1.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4968 | high | — | 7.5 | | | christian_ehmann typo3 | 16y ago | SQL injection vulnerability in the Event Registration (event_registr) extension 1.0.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4967 | high | — | 7.5 | | | jochen_rieger typo3 | 16y ago | SQL injection vulnerability in the Car (car) extension before 0.1.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4966 | high | — | 7.5 | | | elemente typo3 | 16y ago | SQL injection vulnerability in the AST ZipCodeSearch (ast_addresszipsearch) extension 0.5.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4965 | high | — | 7.5 | | | thomas_waggershauser typo3 | 16y ago | SQL injection vulnerability in the AIRware Lexicon (air_lexicon) extension 0.0.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4959 | high | — | 7.5 | | | stefan_koch typo3 | 16y ago | SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4955 | high | — | 7.5 | | | thomas_hempel typo3 | 16y ago | SQL injection vulnerability in the ultraCards (th_ultracards) extension before 0.5.1 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4954 | high | — | 7.5 | | | websedit typo3 | 16y ago | SQL injection vulnerability in the Versatile Calendar Extension [VCE] (sk_calendar) extension before 0.3.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4950 | high | — | 7.5 | | | tim_lochmueller_&_thomas_buss typo3 | 16y ago | SQL injection vulnerability in the A21glossary Advanced Output (a21glossary_advanced_output) extension before 0.1.12 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecifie… |
| CVE-2009-4949 | high | — | 7.5 | | | joachim_ruhs typo3 | 16y ago | SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-2131 | high | — | 7.5 | | | mario_matzulla typo3 | 16y ago | SQL injection vulnerability in the Calendar Base (cal) extension before 1.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via iCalendar data. |
| CVE-2009-4855 | high | — | 8.5 | EXP | | typo3 | 16y ago | SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating … |
| CVE-2009-4803 | high | — | 7.5 | | | andreas_schwarzkopf typo3 | 16y ago | Accessibility Glossary (a21glossary) SQL injection vulnerability |
| CVE-2009-4802 | high | — | 7.5 | | | joachim_ruhs typo3 | 16y ago | SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4740 | high | — | 7.5 | | | typo3 | 16y ago | Directory traversal vulnerability in the Webesse E-Card (ws_ecard) extension 1.0.2 and earlier for TYPO3 has unspecified impact and remote attack vectors. |
| CVE-2010-1027 | high | — | 7.5 | | | dietmar_schffer typo3 | 16y ago | SQL injection vulnerability in the Meet Travelmates (travelmate) extension 0.1.1 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1026 | high | — | 7.5 | | | mathon_nicolas typo3 | 16y ago | SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1024 | high | — | 7.5 | | | chris_wederka typo3 | 16y ago | SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) extension 0.0.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1022 | high | — | 7.5 | | | marcus_krause typo3 | 16y ago | The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) extension before 0.2.13 for TYPO3 allows remote attackers to bypass authentication via unspecified vectors. |
| CVE-2010-1019 | high | — | 7.5 | | | sk-typo3 typo3 | 16y ago | SQL injection vulnerability in the Simple Gallery (sk_simplegallery) extension 0.0.9 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1018 | high | — | 7.5 | | | jochen_rau typo3 | 16y ago | SQL injection vulnerability in the Book Reviews (sk_bookreview) extension 0.0.12 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1017 | high | — | 7.5 | | | laurent_foulloy typo3 | 16y ago | SQL injection vulnerability in the SAV Filter Months (sav_filter_months) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1016 | high | — | 7.5 | | | laurent_foulloy typo3 | 16y ago | SQL injection vulnerability in the SAV Filter Selectors (sav_filter_selectors) extension before 1.0.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1015 | high | — | 7.5 | | | laurent_foulloy typo3 | 16y ago | SQL injection vulnerability in the SAV Filter Alphabetic (sav_filter_abc) extension before 1.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1013 | high | — | 7.5 | | | fr.simon_rundell typo3 | 16y ago | SQL injection vulnerability in the Diocese of Portsmouth Database (pd_diocesedatabase) extension before 0.7.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vect… |
| CVE-2010-1012 | high | — | 7.5 | | | mathias_schreiber typo3 | 16y ago | SQL injection vulnerability in the CleanDB (nf_cleandb) extension 1.0.7 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1010 | high | — | 7.5 | | | matthias_kall typo3 | 16y ago | SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) extension 2.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1009 | high | — | 7.5 | | | joachim-ruhs typo3 | 16y ago | SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1006 | high | — | 7.5 | | | typo3 | 16y ago | SQL injection vulnerability in the Brainstorming extension 0.1.8 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-1004 | high | — | 7.5 | | | mischa_heimann typo3 | 16y ago | SQL injection vulnerability in the Yet another TYPO3 search engine (YATSE) extension before 0.3.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4711 | high | — | 7.5 | | | jan_bednarik typo3 | 16y ago | SQL injection vulnerability in the CoolURI (cooluri) extension before 1.0.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability tha… |
| CVE-2009-4710 | high | — | 7.5 | | | robert_heel typo3 | 16y ago | SQL injection vulnerability in the Reset backend password (cwt_resetbepassword) extension 1.20 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4709 | high | — | 7.5 | | | dirk_maiwert typo3 | 16y ago | SQL injection vulnerability in the datamints Newsticker (datamints_newsticker) extension before 0.7.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4708 | high | — | 7.5 | | | maximo_cuadros typo3 | 16y ago | SQL injection vulnerability in the [Gobernalia] Front End News Submitter (gb_fenewssubmit) extension 0.1.0 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecif… |
| CVE-2009-4703 | high | — | 7.5 | | | typo3 | 16y ago | SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) extension 1.0.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4702 | high | — | 7.5 | | | markus_barchfeld typo3 | 16y ago | SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2009-4701 | high | — | 7.5 | | | liviu_mitrofan typo3 | 16y ago | SQL injection vulnerability in the Myth download (myth_download) extension 0.1.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| CVE-2010-0798 | high | — | 7.5 | | | snowflake typo3 | 17y ago | SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |