Description
The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin to be in use and the TypoScript/Plugin setting disableOverrideDemand not to be enabled.
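The defect class the advisory describes, shown as an added illustration in plain PHP rather than as code from the "News system" extension: a request parameter spliced into the SQL text, next to the hardened form that validates the value's shape and binds it as a parameter. An in-memory SQLite database stands in for the TYPO3 tables; the `news` table, its columns and the `month` parameter are assumptions, and `resolveMonth` only models the advisory's disableOverrideDemand switch (when set, request values never reach the query).

```php
<?php
declare(strict_types=1);

// Added illustration, not code from the TYPO3 "News system" extension.
// Table name, column names and the "month" request parameter are assumptions.

function makeSampleDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE news (uid INTEGER PRIMARY KEY, title TEXT, datetime INTEGER)');
    // Constructed sample rows; datetime holds unix timestamps.
    $db->exec("INSERT INTO news VALUES (1, 'January release', strftime('%s', '2024-01-15'))");
    $db->exec("INSERT INTO news VALUES (2, 'February update', strftime('%s', '2024-02-03'))");
    return $db;
}

// Models the disableOverrideDemand setting named in the advisory: when it is
// enabled, the request cannot override the configured demand at all.
function resolveMonth(array $settings, array $request, string $fallback): string
{
    if (!empty($settings['disableOverrideDemand'])) {
        return $fallback;
    }
    return $request['month'] ?? $fallback;
}

// Vulnerable pattern: the request value becomes part of the SQL text.
function newsForMonthVulnerable(PDO $db, string $month): array
{
    $sql = "SELECT uid, title FROM news"
         . " WHERE strftime('%Y-%m', datetime, 'unixepoch') = '" . $month . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened pattern: allow-list the expected shape, then bind the value as a
// parameter so the driver never interprets it as SQL.
function newsForMonthSafe(PDO $db, string $month): array
{
    if (!preg_match('/^\d{4}-(0[1-9]|1[0-2])$/', $month)) {
        throw new InvalidArgumentException('month must have the form YYYY-MM');
    }
    $stmt = $db->prepare(
        "SELECT uid, title FROM news"
        . " WHERE strftime('%Y-%m', datetime, 'unixepoch') = :month"
    );
    $stmt->execute([':month' => $month]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeSampleDb();
$settings = ['disableOverrideDemand' => false];

// Well-formed input: both variants return the January row.
$month = resolveMonth($settings, ['month' => '2024-01'], '2024-02');
print_r(newsForMonthVulnerable($db, $month));
print_r(newsForMonthSafe($db, $month));

// One stray quote is enough to show the difference: the concatenated query
// is now malformed SQL, proving the value was parsed as SQL syntax.
$month = resolveMonth($settings, ['month' => "2024-01'"], '2024-02');
try {
    newsForMonthVulnerable($db, $month);
} catch (PDOException $e) {
    echo "vulnerable query failed: SQL syntax error\n";
}
try {
    newsForMonthSafe($db, $month);
} catch (InvalidArgumentException $e) {
    echo "safe query rejected the input before touching the database\n";
}

// With disableOverrideDemand enabled the request parameter is ignored and the
// configured fallback month is used.
$month = resolveMonth(['disableOverrideDemand' => true], ['month' => "2024-01'"], '2024-02');
print_r(newsForMonthSafe($db, $month));
```

Inside a TYPO3 extension the equivalent of the `:month` placeholder is the core QueryBuilder's `createNamedParameter()`, which binds the value instead of quoting it into the statement; the shape check in front of the query is the extra layer a date-menu parameter can afford, since only `YYYY-MM` values are ever meaningful to it.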
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: Present
- Privileges Required: None
- User Interaction: None
- Confidentiality (Vulnerable System): High
- Integrity (Vulnerable System): None
- Availability (Vulnerable System): None
- Confidentiality (Subsequent System): None
- Integrity (Subsequent System): None
- Availability (Subsequent System): None
Affected products
- TYPO3 / Extension "News system" 14.0.0 – 14.0.3
- TYPO3 / Extension "News system" 13.0.0 – 13.0.2
- TYPO3 / Extension "News system" 12.0.0 – 12.3.2
- TYPO3 / Extension "News system" 11.0.0 – 11.4.4
- TYPO3 / Extension "News system" 0 – 10.0.4