CVE-2014-7201

Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
kevin_renskersdmmjobcontrol
𝑥
≤ 2.14.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Sep/89
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012
http://www.securityfocus.com/bid/70155
https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt
http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html
http://seclists.org/fulldisclosure/2014/Sep/89
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012
http://www.securityfocus.com/bid/70155
https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt