Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
References
| Link | Resource |
|---|---|
| http://typo3.org/teams/security/security-bulletins/typo3-20081222-2 | Patch Vendor Advisory |
| http://secunia.com/advisories/33254 | Vendor Advisory |
| http://typo3.org/extensions/repository/view/wec_discussion/1.7.1 | |
| http://www.vupen.com/english/advisories/2008/3502 |
Advertisement
Configurations
Configuration 1 (hide)
| AND |
|
Information
Published : 2009-02-16 09:30
Updated : 2011-03-07 19:15
NVD link : CVE-2008-6145
Mitre link : CVE-2008-6145
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Advertisement
Products Affected
typo3
- wec_discussion_forum
- typo3