CVE Database · CVE-2017-7581
CVSS v3.1
N/A
EPSS
48.43%
Published
Apr 7, 2017
Modified
May 12, 2026
Public PoC / Exploit (1)
All weaponized →Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.
Description
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
Weaknesses (CWE)
Affected Products (1)
References (2)
