CVE-2014-7201

Name of the Vulnerable Software and Affected Versions JobControl (dmmjobcontrol) extension versions 2.14.0 and earlier for TYPO3

Description The issue concerns SQL injection vulnerabilities in the search function of the JobControl extension for TYPO3. These vulnerabilities allow remote attackers to execute arbitrary SQL commands by manipulating the education, region, or sector fields. For example, an attacker could exploit the tx dmmjobcontrol pi1[search][sector][] parameter in the "jobs/" endpoint.

Recommendations For JobControl (dmmjobcontrol) extension versions 2.14.0 and earlier, consider disabling the search function in the affected extension until a patch is available. Restrict access to the vulnerable tx dmmjobcontrol pi1/class.tx dmmjobcontrol pi1.php file to minimize the risk of exploitation. Avoid using the parameters related to the education, region, or sector fields in the affected API endpoint until the issue is resolved.