CVE-2021-31777

by colinelacatena

Abstract Advisory Information

A field of the administration panel is prone to SQL injection: the value entered in that field reaches one specific part of the SQL query without sanitisation or parameterisation, so an attacker who already holds administrator access to the backend can alter the query and dump the entire database of the application.

Authors: Alexis Pain

Version affected

Name: TYPO3 CMS (core version on which the issue was found; the vulnerable component is a TYPO3 extension, see the Patches section and the typo3-ext-sa reference below)
Versions: 10.4.13

Common Vulnerability Scoring System

4.9 (Medium)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Reachable over the network with low attack complexity and no user interaction, but it requires high privileges (a backend administrator account); the impact is a total loss of confidentiality of the database, with no integrity or availability impact claimed.

Patches

Fixed extension versions 2.6.2 and 2.7.1 are available through the TYPO3 extension manager.

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31777

https://typo3.org/security/advisory/typo3-ext-sa-2021-005

Vulnerability Disclosure Timeline

  • 01/04/2021: Vulnerability discovered
  • 01/04/2021: Vulnerability reported to CERT-XLM
  • 06/04/2021: Vulnerability reported to TYPO3
  • 20/04/2021: Acknowledgement by TYPO3
  • 20/04/2021: CVE ID requested from MITRE by TYPO3
  • 27/04/2021: Vulnerability fixed
  • 28/04/2021: Public disclosure