Arbitrary SQL Command Execution in TYPO3 Developer Log Extension

Arbitrary SQL Command Execution in TYPO3 Developer Log Extension

CVE-2015-4613 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:P/A:P

SQL injection vulnerability in the backend module in the Developer Log (devlog) extension before 2.11.4 for TYPO3 allows remote editors to execute arbitrary SQL commands via unspecified vectors.

Learn more about our Web Application Penetration Testing UK.