Arbitrary SQL Command Execution in WEC Discussion Forum Extension for TYPO3

Arbitrary SQL Command Execution in WEC Discussion Forum Extension for TYPO3

CVE-2011-1722 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.

Learn more about our Cis Benchmark Audit For Microsoft Sql Server.