Skip to main content

Extension Address List

1 CVEs product

Monthly

CVE-2026-8827 PHP HIGH PATCH GHSA This Week

SQL injection in the TYPO3 'address_list' extension's AddressRepository::getSqlQuery() method allows remote attackers to manipulate database queries when the method is called with untrusted input. The flaw is latent - the vulnerable method is not invoked anywhere within the extension itself, so default installations are not exposed, but custom or third-party extensions that reuse this method become injection sinks. No public exploit identified at time of analysis, and no EPSS or KEV signal accompanies the advisory.

SQLi Extension Address List
NVD
CVSS 4.0
8.2
EPSS
0.0%
EPSS 0% CVSS 8.2
HIGH PATCH This Week

SQL injection in the TYPO3 'address_list' extension's AddressRepository::getSqlQuery() method allows remote attackers to manipulate database queries when the method is called with untrusted input. The flaw is latent - the vulnerable method is not invoked anywhere within the extension itself, so default installations are not exposed, but custom or third-party extensions that reuse this method become injection sinks. No public exploit identified at time of analysis, and no EPSS or KEV signal accompanies the advisory.

SQLi Extension Address List
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy