CVE-2011-1722

Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to...

Basic Information

CVE State: PUBLISHED
Reserved Date: April 19, 2011
Published Date: April 19, 2011
Last Updated: August 06, 2024
Vendor: TYPO3
Product: WEC Discussion Forum
Description: Multiple SQL injection vulnerabilities in WEC Discussion Forum (wec_discussion) extension 2.1.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in April 2011.

CVSS Scores

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploit Status

Exploited in the Wild: Yes (2011-04-19 19:00:00 UTC) Source

References

http://osvdb.org/71674 http://www.vupen.com/english/advisories/2011/0896 http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/ http://secunia.com/advisories/44055 https://exchange.xforce.ibmcloud.com/vulnerabilities/66619 http://www.securityfocus.com/bid/47257 http://typo3.org/extensions/repository/view/wec_discussion/2.1.1/

Known Exploited Vulnerability Information

Source	Added Date
CVE	2011-04-19 19:00:00 UTC

Timeline

CVE ID Reserved

April 19, 2011
CVE Published to Public

April 19, 2011
Added to KEVIntel

April 19, 2011