CVE-2013-4748 – georgringer/news

Package

Manager: composer
Name: georgringer/news
Vulnerable Version: >=0 <1.3.3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U

EPSS: 0.00397 pctl0.59763

Details

News system (news) extension for TYPO3 vulnerable to SQL Injection SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Metadata

Created: 2022-05-17T01:33:01Z
Modified: 2025-04-12T03:13:23Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-rg6g-v4xm-g49q/GHSA-rg6g-v4xm-g49q.json
CWE IDs: ["CWE-89"]
Alternative ID: GHSA-rg6g-v4xm-g49q
Finding: F106
Auto approve: 1