Vulnerability category: CGI
Vulnerability severity:
Vulnerability information
TYPO3 is a free and open source web content management system written in PHP. The News System is a versatile news extension, based on extbase and fluid.
The vulnerability exists in the News System extension when overrideDemand is set to 1, which is the default setting. A remote attacker can exploit the vulnerability by sending malicious HTTP POST requests that inject and execute arbitrary SQL commands in the targeted application's database.
Affected Versions:
News System versions 5.3.2 and prior
Impact
Successful exploitation allows an unauthenticated, remote attacker to manipulate SQL queries by injecting arbitrary SQL code or further exploit latent vulnerabilities in the underlying database.
Solution
Customers are advised to update to News System 3.2.8 or later versions to remediate this vulnerability.
Patch:
Following are links for downloading patches to fix the vulnerabilities: