Matthias Hunstock

**Name of the Vulnerable Software and Affected Versions** TYPO3 Core wec discussion extension versions prior to 2.1.1 **Description** The issue is related to SQL Injection due to improper sanitation of user-supplied input. This allows for potential exploitation by injecting malicious SQL code. **Recommendations** For versions prior to 2.1.1, update to version 2.1.1 or later to resolve the issue. As a temporary workaround, consider restricting user input to minimize the risk of SQL Injection until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** TYPO3 WEC Discussion Forum (wec discussion) extension versions 2.1.0 and earlier **Description** The issue allows remote attackers to execute arbitrary SQL commands, which has been exploited in the wild. **Recommendations** For versions 2.1.0 and earlier, update to a version later than 2.1.0 to resolve the issue.