PT-2022-22931 · Typo3 · Lux Extension

Torben Hansen · Published 2022-07-12 · Updated 2022-07-27 · CVE-2022-35628

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

lux extension versions prior to 17.6.1
lux extension versions 18.x through 24.x before 24.0.2

Description

A SQL injection issue was discovered in the lux extension for TYPO3.

Recommendations

For versions prior to 17.6.1, update to version 17.6.1 or later.
For versions 18.x through 24.x, update to version 24.0.2 or later.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2022-35628
GHSA-RPXG-HG79-H8Q9

Affected Products

Lux Extension