CVE-2013-4634
https://notcve.org/view.php?id=CVE-2013-4634
SQL injection vulnerability in the jQuery autocomplete for indexed_search (rzautocomplete) extension before 0.0.9 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en el autocompletado de jQuery para la extensión indexed_search (rzautocomplete) antes de v0.0.9 de TYPO3 que permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://osvdb.org/93815 http://secunia.com/advisories/53633 http://typo3.org/extensions/repository/view/rzautocomplete http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-007 http://www.securityfocus.com/bid/60276 https://exchange.xforce.ibmcloud.com/vulnerabilities/84659 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2010-4887
https://notcve.org/view.php?id=CVE-2010-4887
SQL injection vulnerability in the Commenting system Backend Module (commentsbe) extension 0.0.2 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Vulnerabilidad de inyección SQL en la extensión Commenting system Backend Module (commentsbe) v0.0.2 y anteriores para TYPO3, permite a atacantes remotos ejecutar secuencias SQL a través de vectores no especificados. • http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-018 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •