CVE-2013-4682 – bvbmedia/multishop

Package

Manager: composer
Name: bvbmedia/multishop
Vulnerable Version: >=0 <2.0.39

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:U/RC:R

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00397 pctl0.59747

Details

Multishop extension for TYPO3 has SQL Injection vulnerability SQL injection vulnerability in the Multishop extension before 2.0.39 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Metadata

Created: 2022-05-17T05:00:38Z
Modified: 2025-04-12T03:11:22Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-v4fw-fh5c-xvjg/GHSA-v4fw-fh5c-xvjg.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-v4fw-fh5c-xvjg
Finding: F297
Auto approve: 1