SQL Injection in Typo3 Extension "Address List"
CVE-2026-8827
The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in…
Vulnerability class: SQL Injection
EPSS: 0.000 (12.3th percentile) — read the EPSS interpretation.
Affected products
- Typo3 Extension "Address List" — versions 10.0.0, 9.0.0, 0
Weakness classification (CWE)
References
- f4fb688c-4412-4426-b4b8-421ecf27b14a (vendor-advisory)