Vulnerability Description
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dynamic Content Elements Project | Dynamic Content Elements | >= 2.2.0, < 2.6.2 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html (Exploit, Third Party Advisory)
- https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31777
- https://excellium-services.com/cert-xlm-advisory/ (Not Applicable)
- https://typo3.org/security/advisory/typo3-ext-sa-2021-005 (Patch, Third Party Advisory)
FAQ
What is CVE-2021-31777?
CVE-2021-31777 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
How severe is CVE-2021-31777?
CVE-2021-31777 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31777?
Check the references section above for vendor advisories and patch information. Affected products include: Dynamic Content Elements Project Dynamic Content Elements.