Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection.
AnalysisAI
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows SQL Injection. Affected products include: Dated News Project Dated News. Version information: through 5.1.1.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Dated News
View allThe dated_news (aka Dated News) extension through 5.1.1 for TYPO3 has incorrect Access Control for confirming various ap
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS. Rated medium severity (CVSS 6.1), this vul
The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows Information Disclosure of application registrat
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today