Arbitrary SQL Command Execution in TYPO3 News Module 5.3.2 and Earlier
CVE-2017-7581 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
Learn more about our User Device Pen Test.