TYPO3 News Calendar Extension Unspecified SQL Injection Vulnerability
BID:30056
Info
| Bugtraq ID: | 30056 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3044 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 01 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Georg Ringer |
| Vulnerable: | Typo3 News Calendar 1.0.7 |
| Not Vulnerable: | Typo3 News Calendar 1.0.8 |
Discussion
The TYPO3 News Calendar extension is prone to an unspecified SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Versions up to and including News Calendar 1.0.7 are vulnerable.
Exploit / POC
Attackers can use a browser to exploit this issue.
Solution / Fix
Solution:
The vendor has released an update. Please see the references for more information.
References
References:
- Synnefoims Homepage (synnefoims)
- TYPO3 News Calendar (TYPO3)
- TYPO3 Collective Security Bulletin TYPO3-20080701-1: Several vulnerabilities in (TYPO3)