SQL injection vulnerability in the Flat Manager (flatmgr) extension before 1.9.16 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joachim_ruhs | flat_manager | 1.9.2 |
| joachim_ruhs | flat_manager | 1.8.8 |
| joachim_ruhs | flat_manager | * |
| joachim_ruhs | flat_manager | 1.6.2 |
| joachim_ruhs | flat_manager | 1.9.10 |
| joachim_ruhs | flat_manager | 1.5.0 |
| joachim_ruhs | flat_manager | 1.9.8 |
| joachim_ruhs | flat_manager | 1.8.6 |
| joachim_ruhs | flat_manager | 1.8.9 |
| joachim_ruhs | flat_manager | 1.9.0 |
| joachim_ruhs | flat_manager | 1.9.1 |
| joachim_ruhs | flat_manager | 1.9.3 |
| joachim_ruhs | flat_manager | 1.7.2 |
| joachim_ruhs | flat_manager | 1.9.7 |
| joachim_ruhs | flat_manager | 1.7.1 |
| joachim_ruhs | flat_manager | 1.9.14 |
| joachim_ruhs | flat_manager | 1.9.12 |
| joachim_ruhs | flat_manager | 1.7.0 |
| joachim_ruhs | flat_manager | 1.9.4 |
| joachim_ruhs | flat_manager | 1.4.0 |
| joachim_ruhs | flat_manager | 1.6.0 |
| joachim_ruhs | flat_manager | 1.9.9 |
| joachim_ruhs | flat_manager | 1.8.0 |
Cross-site scripting (XSS) vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joachim_ruhs | locator | 1.1.0 |
| joachim_ruhs | locator | 1.0.7 |
| joachim_ruhs | locator | * |
| joachim_ruhs | locator | 1.0.6 |
| joachim_ruhs | locator | 1.1.8 |
SQL injection vulnerability in the Store Locator extension before 1.2.8 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joachim_ruhs | locator | 1.1.0 |
| joachim_ruhs | locator | 1.0.7 |
| joachim_ruhs | locator | * |
| joachim_ruhs | locator | 1.0.6 |
| joachim_ruhs | locator | 1.1.8 |
SQL injection vulnerability in the Event (event) extension before 0.3.7 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joachim_ruhs | event | 0.2.2 |
| joachim_ruhs | event | 0.2.5 |
| joachim_ruhs | event | * |
| joachim_ruhs | event | 0.2.7 |
| joachim_ruhs | event | 0.2.4 |
SQL injection vulnerability in the FE user statistic (festat) extension before 0.2.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joachim_ruhs | festat | * |
| joachim_ruhs | festat | 0.1.6 |
| joachim_ruhs | festat | 0.1.8 |
| joachim_ruhs | festat | 0.1.9 |
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-noinfo,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joachim_ruhs | locator | 1.1.0 |
| joachim_ruhs | locator | 1.2.6 |
| joachim_ruhs | locator | 1.0.7 |
| joachim_ruhs | locator | 1.2.8 |
| joachim_ruhs | locator | 2.9.0 |
| joachim_ruhs | locator | * |
| joachim_ruhs | locator | 1.0.6 |
| joachim_ruhs | locator | 1.1.8 |
SQL injection vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joachim_ruhs | locator | 1.1.0 |
| joachim_ruhs | locator | 1.2.6 |
| joachim_ruhs | locator | 1.0.7 |
| joachim_ruhs | locator | 1.2.8 |
| joachim_ruhs | locator | 2.9.0 |
| joachim_ruhs | locator | * |
| joachim_ruhs | locator | 1.0.6 |
| joachim_ruhs | locator | 1.1.8 |
Cross-site scripting (XSS) vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| joachim_ruhs | locator | 1.1.0 |
| joachim_ruhs | locator | 1.2.6 |
| joachim_ruhs | locator | 1.0.7 |
| joachim_ruhs | locator | 1.2.8 |
| joachim_ruhs | locator | 2.9.0 |
| joachim_ruhs | locator | * |
| joachim_ruhs | locator | 1.0.6 |
| joachim_ruhs | locator | 1.1.8 |