N/A

Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to execute arbitrary SQL commands via the (1) education, (2) region, or (3) sector fields, as demonstrated by the tx_dmmjobcontrol_pi1[search][sector][] parameter to jobs/.

N/A

N/A

TYPO3 JobControl扩展SQL注入漏洞

TYPO3是瑞士TYPO3协会维护的一套免费开源的内容管理系统(框架)(CMS/CMF)。JobControl（也称dmmjobcontrol）是其中的一个用于在网站中显示空缺职位的扩展插件。 TYPO3 JobControl(dmmjobcontrol)扩展2.14.0及之前版本的pi1/class.tx_dmmjobcontrol_pi1.php脚本中的‘search’函数中存在SQL注入漏洞。远程攻击者可借助‘education’、‘region’或‘sector’字段利用该漏洞执行任意SQL命令。

N/A

N/A