
SQL injection in TYPO3 extension

Critical severity GitHub Reviewed Published Sep 2, 2021 to the GitHub Advisory Database • Updated Feb 1, 2023

Package

ecodev/newsletter (Composer)

Affected versions

<= 4.0.0

Patched versions

None

Description

It has been discovered that the extension is susceptible to SQL Injection when processing bounced emails.

References

Published by the National Vulnerability Database Aug 13, 2021
Reviewed Aug 30, 2021
Published to the GitHub Advisory Database Sep 2, 2021
Last updated Feb 1, 2023

Severity

Critical

EPSS score

0.152%
(52nd percentile)

Weaknesses

CVE ID

CVE-2021-38302

GHSA ID

GHSA-hqm2-gwqf-r5g5

Source code
