HIGH
GHSA-3h52-6v6j-6wwv
TYPO3 SQL Injection in extension "Address List" (tt_address)
상세
In the TYPO3 extension `tt_address`, the `AddressRepository::getSqlQuery()` method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call this method with untrusted input would expose the site to SQL injection. This has been patched in version 8.1.2, 9.1.1, and 10.0.1.
이 버전이 영향받나요?
사용 중인 패키지 버전을 입력하면 즉시 평가합니다.
영향 패키지
Packagist / friendsoftypo3/tt-address
최초 영향 버전:
10.0.0 수정 버전: 10.0.1 수정
composer require friendsoftypo3/tt-address:^10.0.1 Packagist / friendsoftypo3/tt-address
최초 영향 버전:
9.0.0 수정 버전: 9.1.1 수정
composer require friendsoftypo3/tt-address:^9.1.1 Packagist / friendsoftypo3/tt-address
최초 영향 버전:
0 수정 버전: 8.1.2 수정
composer require friendsoftypo3/tt-address:^8.1.2