The vhs (aka VHS: Fluid ViewHelpers) extension before 5.1.1 for TYPO3 allows SQL injection via isLanguageViewHelper.
References
Link | Resource |
---|---|
https://typo3.org/security/advisory/typo3-ext-sa-2021-001 | Vendor Advisory |
https://typo3.org/security/advisory/typo3-ext-sa-2021-001 | Vendor Advisory |
Configurations
History
21 Nov 2024, 05:59
Type | Values Removed | Values Added |
---|---|---|
References | () https://typo3.org/security/advisory/typo3-ext-sa-2021-001 - Vendor Advisory |
Information
Published : 2021-03-16 20:15
Updated : 2024-11-21 05:59
NVD link : CVE-2021-28381
Mitre link : CVE-2021-28381
CVE.ORG link : CVE-2021-28381
JSON object : View
Products Affected
vhs_project
- vhs
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')