CVE-2021-31777
MEDIUMDynamic Content Elements 2.2.0-2.6.x < 2.6.2 and 2.7.x < 2.7.1 - Authenticated SQL Injection
Title source: llmDescription
The dce (aka Dynamic Content Element) extension 2.2.0 through 2.6.x before 2.6.2, and 2.7.x before 2.7.1, for TYPO3 allows SQL Injection via a backend user account.
References (4)
Core 4
Core References
Various Sources
https://cds.thalesgroup.com/en/tcs-cert/CVE-2021-31777
Exploit, Third Party Advisory
http://packetstormsecurity.com/files/162429/TYPO3-6.2.1-SQL-Injection.html
Not Applicable
https://excellium-services.com/cert-xlm-advisory/
Patch, Third Party Advisory
https://typo3.org/security/advisory/typo3-ext-sa-2021-005
Scores
CVSS v3
4.9
EPSS
0.0141
EPSS Percentile
69.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-89
Status
published
Products (2)
dynamic_content_elements_project/dynamic_content_elements
2.2.0 - 2.6.2
t3/dce
2.2.0 - 2.6.2Packagist
Published
Apr 28, 2021
Tracked Since
Feb 18, 2026