-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AI
PHPPHPMiggo AIRoot Cause AnalysisThe vulnerability involves SQL injection in the frontend login component when processing authenticated user input. Analysis focuses on functions that handle user authentication and database queries:
FrontendLoginController::getUser is the primary suspect as it directly processes login credentials. TYPO3's security bulletin explicitly references the frontend login component, making this controller a logical location for the vulnerability.
AuthenticationService::getUser is included as it's a core authentication component that would be involved in user lookup operations. The requirement for valid credentials aligns with this service's purpose.
Confidence is medium because while the exact vulnerable code isn't visible, the pattern matches TYPO3's architecture and SQL injection mitigation typically involves modifying database query construction in these components.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| typo3/cms | composer | >= 6.2.0, < 6.2.26 | 6.2.26 |
| typo3/cms | composer | >= 7.6.0, < 7.6.10 | 7.6.10 |
Ongoing coverage of React2Shell