CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2011-3584
https://notcve.org/view.php?id=CVE-2011-3584
The TYPO3 Core wec_discussion extension before 2.1.1 is vulnerable to SQL Injection due to improper sanitation of user-supplied input. La extensión TYPO3 Core wec_discussion versiones anteriores a 2.1.1, es vulnerable a una inyección SQL debido al saneamiento inapropiado de la entrada suministrada por el usuario. • https://access.redhat.com/security/cve/cve-2011-3584 https://security-tracker.debian.org/tracker/CVE-2011-3584 https://typo3.org/security/advisory/typo3-sa-2011-003 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 7EXPL: 0CVE-2008-6144
https://notcve.org/view.php?id=CVE-2008-6144
Multiple cross-site scripting (XSS) vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2008-3029. Múltiples vulnerabilidades de ejecución de secuencias de comandos en sitios cruzados en WEC Discussion Forum (wec_discussion) extensión 1.7.0 y anteriores para TYPO3 permite a atacantes remotos inyectar HTML o scripts web arbitrarios a través de vectores no especificados. Se trata de una vulnerabilidad diferente a la CVE-2008-3029. • http://secunia.com/advisories/33254 http://typo3.org/extensions/repository/view/wec_discussion/1.7.1 http://typo3.org/teams/security/security-bulletins/typo3-20081222-2 http://www.vupen.com/english/advisories/2008/3502 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2008-6145
https://notcve.org/view.php?id=CVE-2008-6145
Multiple SQL injection vulnerabilities in the WEC Discussion Forum (wec_discussion) extension 1.7.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Múltiples vulnerabilidades de inyección SQL en WEC Discussion Forum (wec_discussion) extensión 1.7.0 y anteriores para TYPO3 permite a atacantes remotos ejecutar comandos SQL a través de vectores no especificados. • http://secunia.com/advisories/33254 http://typo3.org/extensions/repository/view/wec_discussion/1.7.1 http://typo3.org/teams/security/security-bulletins/typo3-20081222-2 http://www.vupen.com/english/advisories/2008/3502 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •