TYPO3 SQL Frontend Extension Unspecified SQL Injection and Denial of Service Vulnerabilities
The SQL Frontend extension for TYPO3 is prone to an unspecified SQL-injection issue and an unspecified denial-of-services issue because it fails to sufficiently sanitize user-supplied data.
Exploiting the SQL-injection issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploiting the denial-of-service issue could prevent legitimate use of the application.
Few details regarding these vulnerabilities are available; we will update this BID when more information emerges.
Versions up to and including SQL Frontend 1.0.11 are vulnerable.