SQL Injection in TYPO3 Frontend Login · GHSA-j86x-pjmr-9m6w · GitHub Advisory Database · GitHub

SQL Injection in TYPO3 Frontend Login

Moderate severity GitHub Reviewed Published Jun 5, 2024 to the GitHub Advisory Database • Updated Jun 5, 2024

Package

typo3/cms (Composer)

Affected versions

>= 6.2.0, < 6.2.26

>= 7.6.0, < 7.6.10

Patched versions

6.2.26

7.6.10

Description

Failing to properly escape user input, the frontend login component is vulnerable to SQL Injection. A valid frontend user account is needed to exploit this vulnerability.

References

Published to the GitHub Advisory Database Jun 5, 2024

Reviewed Jun 5, 2024

Last updated Jun 5, 2024

Severity

Moderate

5.4

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

None

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N