Arbitrary SQL Command Execution in Akronymmanager Extension for TYPO3

CVE-2015-2803 · MEDIUM Severity

AV:N/AC:M/AU:S/C:P/I:P/A:P

SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.

Learn more about our User Device Pen Test.