CVE-2014-6293

SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands...

Basic Information

CVE State: PUBLISHED
Reserved Date: September 11, 2014
Published Date: October 03, 2014
Last Updated: August 06, 2024
Vendor: TYPO3
Product: ke_stats extension for TYPO3
Description: SQL injection vulnerability in the Statistics (ke_stats) extension before 1.1.2 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, as exploited in the wild in February 2014.

CVSS Scores

CVSS v2.0

7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploit Status

Exploited in the Wild: Yes (2014-10-03 14:00:00 UTC) Source

References

http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/ http://typo3.org/extensions/repository/view/ke_stats

Known Exploited Vulnerability Information

Source	Added Date
CVE	2014-10-03 14:00:00 UTC

Timeline

CVE ID Reserved

September 11, 2014
CVE Published to Public

October 03, 2014
Added to KEVIntel

October 03, 2014