Arbitrary SQL Command Execution in TYPO3 News Module 5.3.2 and Earlier

CVE-2017-7581 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.