Vulnerabilites related to kevin_renskers - dmmjobcontrol
CVE-2014-7201 (GCVE-0-2014-7201)
Vulnerability from cvelistv5
Published
2014-10-10 14:00
Modified
2024-08-06 12:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.058Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012"
},
{
"name": "70155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70155"
},
{
"name": "20140925 MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities (typo3-ext-sa-2014-012)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/89"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-10T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012"
},
{
"name": "70155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70155"
},
{
"name": "20140925 MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities (typo3-ext-sa-2014-012)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/89"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt",
"refsource": "MISC",
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012"
},
{
"name": "70155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70155"
},
{
"name": "20140925 MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities (typo3-ext-sa-2014-012)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/89"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7201",
"datePublished": "2014-10-10T14:00:00",
"dateReserved": "2014-09-26T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.058Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6689 (GCVE-0-2008-6689)
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
| ► | URL | Tags | |||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:59.564Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46386"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "dmmjobcontrol-unspecified-sql-injection(43204)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43204"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46386",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46386"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "dmmjobcontrol-unspecified-sql-injection(43204)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43204"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6689",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46386",
"refsource": "OSVDB",
"url": "http://osvdb.org/46386"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"name": "dmmjobcontrol-unspecified-sql-injection(43204)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43204"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6689",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:59.564Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-6688 (GCVE-0-2008-6688)
Vulnerability from cvelistv5
Published
2009-04-10 15:00
Modified
2024-08-07 11:41
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
| ► | URL | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T11:41:58.969Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/46385"
},
{
"name": "29828",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29828"
},
{
"name": "dmmjobcontrol-unspecified-xss(43202)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43202"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-06-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "46385",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/46385"
},
{
"name": "29828",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29828"
},
{
"name": "dmmjobcontrol-unspecified-xss(43202)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43202"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-6688",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "46385",
"refsource": "OSVDB",
"url": "http://osvdb.org/46385"
},
{
"name": "29828",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29828"
},
{
"name": "dmmjobcontrol-unspecified-xss(43202)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43202"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/",
"refsource": "CONFIRM",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-6688",
"datePublished": "2009-04-10T15:00:00",
"dateReserved": "2009-04-10T00:00:00",
"dateUpdated": "2024-08-07T11:41:58.969Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-7200 (GCVE-0-2014-7200)
Vulnerability from cvelistv5
Published
2014-10-10 14:00
Modified
2024-08-06 12:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/.
References
| ► | URL | Tags | |||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T12:40:19.088Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012"
},
{
"name": "70155",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/70155"
},
{
"name": "20140925 MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities (typo3-ext-sa-2014-012)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/89"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-09-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-10-10T13:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012"
},
{
"name": "70155",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/70155"
},
{
"name": "20140925 MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities (typo3-ext-sa-2014-012)",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/89"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-7200",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"name": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt",
"refsource": "MISC",
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt"
},
{
"name": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012",
"refsource": "MISC",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012"
},
{
"name": "70155",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/70155"
},
{
"name": "20140925 MSA-2014-02: Typo3 Extension dmmjobcontrol Multiple Vulnerabilities (typo3-ext-sa-2014-012)",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Sep/89"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-7200",
"datePublished": "2014-10-10T14:00:00",
"dateReserved": "2014-09-26T00:00:00",
"dateUpdated": "2024-08-06T12:40:19.088Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2014-10-10 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kevin_renskers | dmmjobcontrol | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:*:*:*:*:*:typo3:*:*",
"matchCriteriaId": "83DB6248-22CE-45D5-BA15-9A5915F405AA",
"versionEndIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web script or HTML via the tx_dmmjobcontrol_pi1[search][keyword] parameter to jobs/."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en pi1/class.tx_dmmjobcontrol_pi1.php en la extensi\u00f3n JobControl (dmmjobcontrol) 2.14.0 y anteriores para TYPO3 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro tx_dmmjobcontrol_pi1[search][keyword] en jobs/."
}
],
"id": "CVE-2014-7200",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2014-10-10T14:55:09.527",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/89"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/70155"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/89"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2E2639-9974-4C2A-903D-C386AB55AC44",
"versionEndIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "421912BF-3882-49E2-9BB2-59ED296F6306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF86D2B-F508-4C67-B356-B46D211E2973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D9EE8D-0880-4184-8EF9-F3BA19534351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2F34F6-CC59-44D0-BAED-524186126D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0497203C-464D-43F2-B5EF-70D4D0CF14FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0B7DF0-E1A0-425C-AE30-50B6446258E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF65F5BB-4B50-4C84-8911-B9C6278CFB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD95041-6C13-4077-92F8-941F3FE16348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "018B9765-EF07-41FE-894B-B515C8892FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3347C94C-B734-4853-A886-4A4C81B1E68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "27663404-9323-48F1-9F66-38B3AFFBE1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "153A869A-9140-4B26-AD9E-5C9949E4A38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C9ABAB-3012-427E-9F4A-AB130ED5E9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "787E56B3-1BBB-4923-A475-14D0B0C9F954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB635ED-5537-42FF-B1A3-7CFAFD3E1E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50259F6C-1FD5-45F3-80E8-745D9DF1678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21C8D317-9996-4B61-B4D4-728D9BACF22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "703F79E1-F353-4852-A0CD-128FE51CBE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90432F4B-6805-4714-AAB9-D567E0AA24EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB108D53-38D1-4F2A-A421-4265803A678B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD19DDF6-C097-4192-A47F-0817AC387F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F8E2E1-FB6B-4AE8-9EE7-5D7C1E76125B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D92196FA-F26F-4CDC-A506-60EBE1EB48F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7177D6BD-7925-4A6C-A404-AF3ED3436794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17C0C155-BEFF-42EC-90F8-CDC5E808B5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A2F3FE-AEF3-4FD6-928C-72DC70ABB4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8986C5-9AB4-4D16-8A1B-DDD1915ACA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23AD0874-BD63-4E26-90FF-019E3900F28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B72E7EC-D147-428A-AA91-B4842FED45B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F694249-2EBB-4B34-A518-4DF97E3100E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en JobControl (dmmjobcontrol) v1.15.0 y anteriores (extensi\u00f3n para TYPO3) permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de vectores desconocidos.\r\n"
}
],
"id": "CVE-2008-6689",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-04-10T22:00:00.313",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46386"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43204"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43204"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2009-04-10 22:00
Modified
2025-04-09 00:30
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3B2E2639-9974-4C2A-903D-C386AB55AC44",
"versionEndIncluding": "1.15.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "421912BF-3882-49E2-9BB2-59ED296F6306",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF86D2B-F508-4C67-B356-B46D211E2973",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A5D9EE8D-0880-4184-8EF9-F3BA19534351",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0E2F34F6-CC59-44D0-BAED-524186126D0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0497203C-464D-43F2-B5EF-70D4D0CF14FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FB0B7DF0-E1A0-425C-AE30-50B6446258E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF65F5BB-4B50-4C84-8911-B9C6278CFB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1BD95041-6C13-4077-92F8-941F3FE16348",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "018B9765-EF07-41FE-894B-B515C8892FDB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.7:*:*:*:*:*:*:*",
"matchCriteriaId": "3347C94C-B734-4853-A886-4A4C81B1E68A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8:*:*:*:*:*:*:*",
"matchCriteriaId": "27663404-9323-48F1-9F66-38B3AFFBE1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "153A869A-9140-4B26-AD9E-5C9949E4A38D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A9C9ABAB-3012-427E-9F4A-AB130ED5E9DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "787E56B3-1BBB-4923-A475-14D0B0C9F954",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "ADB635ED-5537-42FF-B1A3-7CFAFD3E1E59",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50259F6C-1FD5-45F3-80E8-745D9DF1678C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "21C8D317-9996-4B61-B4D4-728D9BACF22D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "703F79E1-F353-4852-A0CD-128FE51CBE97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "90432F4B-6805-4714-AAB9-D567E0AA24EC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "BB108D53-38D1-4F2A-A421-4265803A678B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD19DDF6-C097-4192-A47F-0817AC387F9B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2F8E2E1-FB6B-4AE8-9EE7-5D7C1E76125B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D92196FA-F26F-4CDC-A506-60EBE1EB48F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7177D6BD-7925-4A6C-A404-AF3ED3436794",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "17C0C155-BEFF-42EC-90F8-CDC5E808B5A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A6A2F3FE-AEF3-4FD6-928C-72DC70ABB4C3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB8986C5-9AB4-4D16-8A1B-DDD1915ACA50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "23AD0874-BD63-4E26-90FF-019E3900F28E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B72E7EC-D147-428A-AA91-B4842FED45B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:1.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2F694249-2EBB-4B34-A518-4DF97E3100E6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) 1.15.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en JobControl (dmmjobcontrol) v1.15.0 y anteriores (extensi\u00f3n para TYPO3) permite a usuarios remotos inyectar de forma arbitraria secuencias de comandos web o HTML a trav\u00e9s de vectores no especificados."
}
],
"id": "CVE-2008-6688",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2009-04-10T22:00:00.297",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/46385"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29828"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43202"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/46385"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://typo3.org/teams/security/security-bulletins/typo3-20080619-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29828"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43202"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2014-10-10 14:55
Modified
2025-04-12 10:46
Severity ?
Summary
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| kevin_renskers | dmmjobcontrol | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kevin_renskers:dmmjobcontrol:*:*:*:*:*:typo3:*:*",
"matchCriteriaId": "83DB6248-22CE-45D5-BA15-9A5915F405AA",
"versionEndIncluding": "2.14.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en la funci\u00f3n de b\u00fasqueda en pi1/class.tx_dmmjobcontrol_pi1.php en la extensi\u00f3n JobControl (dmmjobcontrol) 2.14.0 y anteriores para TYPO3 permiten a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s de los campos (1) education, (2) region, o (3) sector, tal y como fue demostrado por el par\u00e1metro tx_dmmjobcontrol_pi1[search][sector][] en jobs/."
}
],
"id": "CVE-2014-7201",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-10-10T14:55:09.573",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/89"
},
{
"source": "cve@mitre.org",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/70155"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://packetstormsecurity.com/files/128446/Typo3-JobControl-2.14.0-Cross-Site-Scripting-SQL-Injection.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://seclists.org/fulldisclosure/2014/Sep/89"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/70155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://www.mogwaisecurity.de/advisories/MSA-2014-02.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}