The advisory explicitly states that `sql_query` remains vulnerable even when `quoteStr` is used properly. The vulnerability manifests in the MySQL passthrough configuration, where DBAL's escaping is bypassed. As the primary query execution method, `sql_query` would appear in stack traces when malicious SQL is executed. No actual patch diff is available, but TYPO3's security bulletin directly implicates this function as the vulnerable entry point.

| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | >= 6.2.0, < 6.2.18 | 6.2.18 |