NVD

Id
34635  
Name
CVE-2014-7201  
Description
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2014-10-10  
Modified Date
2014-10-22  
Seq
2014-7201  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
178564 34635 CVE-2014-7201 http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html  View
178565 34635 CVE-2014-7201 20140925 MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities (typo3-ext-sa-2014-012)  View
178566 34635 CVE-2014-7201 http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012  View
178567 34635 CVE-2014-7201 70155  View
178568 34635 CVE-2014-7201 https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
16075 JVNDB-2014-004950 TYPO3 用 JobControl エクステンションの pi1/class.tx_dmmjobcontrol_pi1.php の検索機能における SQL インジェクションの脆弱性 TYPO3 用 JobControl (dmmjobcontrol) エクステンションの pi1/class.tx_dmmjobcontrol_pi1.php の検索機能には、SQL インジェクションの脆弱性が存在します。 CVE-2014-7201 74493 CVE-2014-7201 34635 7.5 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-004950.html 2014-09-25 2014-10-24 View