What is CVE-2017-7581?

CVE-2017-7581 is a critical-severity vulnerability in News_system_project News_system, classified under SQL Injection. CVSS score: 9.8/10. Published 2017-04-07.

How severe is CVE-2017-7581?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Is CVE-2017-7581 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SQL Injection in News_system_project News_system

CVE-2017-7581

SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.

Vulnerability class: SQL Injection

EPSS: 0.645 (98.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

News_system_project News_system
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

Public proof-of-concept exploits

References

cve@mitre.org (Technical Description, Exploit, Patch, Third Party Advisory, x_refsource_MISC)

Frequently asked questions

What is CVE-2017-7581?: CVE-2017-7581 is a critical-severity vulnerability in News_system_project News_system, classified under SQL Injection. CVSS score: 9.8/10. Published 2017-04-07.
How severe is CVE-2017-7581?: Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2017-7581 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.