Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities found for dynamic_content_elements by dynamic_content_elements_project
FKIE_CVE-2021-31777
Vulnerability from fkie_nvd - Published: 2021-04-28 07:15 - Updated: 2025-05-30 16:15
Severity ?
Summary
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html | Exploit, Third Party Advisory | |
| cve@mitre.org | https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31777 | ||
| cve@mitre.org | https://excellium-services.com/cert-xlm-advisory/ | Not Applicable | |
| cve@mitre.org | https://typo3.org/security/advisory/typo3-ext-sa-2021-005 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://excellium-services.com/cert-xlm-advisory/ | Not Applicable | |
| af854a3a-2127-422b-91ae-364da2661108 | https://typo3.org/security/advisory/typo3-ext-sa-2021-005 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| dynamic_content_elements_project | dynamic_content_elements | * | |
| dynamic_content_elements_project | dynamic_content_elements | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*",
"matchCriteriaId": "92DBB664-F9AD-495B-8826-3E20E65D93AB",
"versionEndExcluding": "2.6.2",
"versionStartIncluding": "2.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*",
"matchCriteriaId": "2EDEEDAD-7C08-4FDE-820B-9504A94B95C3",
"versionEndExcluding": "2.7.1",
"versionStartIncluding": "2.7.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account."
},
{
"lang": "es",
"value": "La extensi\u00f3n dce (tambi\u00e9n se conoce como Elemento de contenido din\u00e1mico) versiones 2.2.0 hasta 2.6.x anteriores a 2.6.2 y versiones 2.7.x anteriores a 2.7.1, para TYPO3 permite una inyecci\u00f3n SQL por medio de una cuenta de usuario backend"
}
],
"id": "CVE-2021-31777",
"lastModified": "2025-05-30T16:15:27.663",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-04-28T07:15:07.507",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31777"
},
{
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
],
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-005"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable"
],
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-005"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-8328
Vulnerability from fkie_nvd - Published: 2020-02-03 14:15 - Updated: 2024-11-21 02:18
Severity ?
Summary
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*",
"matchCriteriaId": "F3F4314D-F051-49FE-A8F9-7AFE61B78498",
"versionEndIncluding": "0.7.5",
"versionStartIncluding": "0.7.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*",
"matchCriteriaId": "AD9E0D2A-A514-4C10-8C49-A4351D983B3F",
"versionEndIncluding": "0.8.6",
"versionStartIncluding": "0.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*",
"matchCriteriaId": "ACA17C63-45D4-4269-8C60-F0DDD8C2DB78",
"versionEndIncluding": "0.9.4",
"versionStartIncluding": "0.9.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*",
"matchCriteriaId": "EFC8C166-4E2C-42E0-85AC-5C313B234D1F",
"versionEndIncluding": "0.10.2",
"versionStartIncluding": "0.10.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dynamic_content_elements_project:dynamic_content_elements:*:*:*:*:*:typo3:*:*",
"matchCriteriaId": "85F3F213-C842-4FE4-990A-2C14120E359B",
"versionEndExcluding": "0.11.5",
"versionStartIncluding": "0.11.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request."
},
{
"lang": "es",
"value": "La configuraci\u00f3n predeterminada en la extensi\u00f3n Dynamic Content Elements (dce) versiones anteriores a 0.11.5 para TYPO3, permite a atacantes remotos obtener informaci\u00f3n confidencial del entorno de instalaci\u00f3n mediante la lectura de la petici\u00f3n de comprobaci\u00f3n de actualizaci\u00f3n."
}
],
"id": "CVE-2014-8328",
"lastModified": "2024-11-21T02:18:52.893",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-02-03T14:15:10.553",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/dce"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/"
},
{
"source": "cve@mitre.org",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/extensions/repository/view/dce"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"VDB Entry"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2021-31777 (GCVE-0-2021-31777)
Vulnerability from cvelistv5 – Published: 2021-04-28 06:24 – Updated: 2025-05-30 16:01
VLAI?
Summary
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T16:01:46.726Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-005"
},
{
"url": "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html"
},
{
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://excellium-services.com/cert-xlm-advisory/",
"refsource": "MISC",
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"name": "https://typo3.org/security/advisory/typo3-ext-sa-2021-005",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-005"
},
{
"name": "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31777",
"datePublished": "2021-04-28T06:24:10.000Z",
"dateReserved": "2021-04-23T00:00:00.000Z",
"dateUpdated": "2025-05-30T16:01:46.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8328 (GCVE-0-2014-8328)
Vulnerability from cvelistv5 – Published: 2020-02-03 13:34 – Updated: 2024-08-06 13:18
VLAI?
Summary
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2014-10-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/dce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-03T13:34:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/extensions/repository/view/dce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/"
},
{
"name": "http://typo3.org/extensions/repository/view/dce",
"refsource": "MISC",
"url": "http://typo3.org/extensions/repository/view/dce"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8328",
"datePublished": "2020-02-03T13:34:30.000Z",
"dateReserved": "2014-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:18:48.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-31777 (GCVE-0-2021-31777)
Vulnerability from nvd – Published: 2021-04-28 06:24 – Updated: 2025-05-30 16:01
VLAI?
Summary
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T23:03:33.776Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-005"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T16:01:46.726Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-005"
},
{
"url": "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html"
},
{
"url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31777"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-31777",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://excellium-services.com/cert-xlm-advisory/",
"refsource": "MISC",
"url": "https://excellium-services.com/cert-xlm-advisory/"
},
{
"name": "https://typo3.org/security/advisory/typo3-ext-sa-2021-005",
"refsource": "MISC",
"url": "https://typo3.org/security/advisory/typo3-ext-sa-2021-005"
},
{
"name": "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-31777",
"datePublished": "2021-04-28T06:24:10.000Z",
"dateReserved": "2021-04-23T00:00:00.000Z",
"dateUpdated": "2025-05-30T16:01:46.726Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-8328 (GCVE-0-2014-8328)
Vulnerability from nvd – Published: 2020-02-03 13:34 – Updated: 2024-08-06 13:18
VLAI?
Summary
The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Date Public ?
2014-10-17 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:18:48.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/extensions/repository/view/dce"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-10-17T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-02-03T13:34:30.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/extensions/repository/view/dce"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-8328",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The default configuration in the Dynamic Content Elements (dce) extension before 0.11.5 for TYPO3 allows remote attackers to obtain sensitive installation environment information by reading the update check request."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-015/"
},
{
"name": "http://typo3.org/extensions/repository/view/dce",
"refsource": "MISC",
"url": "http://typo3.org/extensions/repository/view/dce"
},
{
"name": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673",
"refsource": "MISC",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/97673"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-8328",
"datePublished": "2020-02-03T13:34:30.000Z",
"dateReserved": "2014-10-18T00:00:00.000Z",
"dateUpdated": "2024-08-06T13:18:48.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}