SQL Injection Affecting t3/dce package, versions >=2.7.0, <2.7.1 >=2.2.0, <2.6.2
Snyk CVSS
Attack Complexity
Low
Confidentiality
High
Threat Intelligence
EPSS
0.1% (42nd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-PHP-T3DCE-1300840
- published 9 Jun 2021
- disclosed 8 Jun 2021
- credit Excellium Services
Introduced: 8 Jun 2021
CVE-2021-31777 Open this link in a new tabHow to fix?
Upgrade t3/dce
to version 2.7.1, 2.6.2 or higher.
Overview
t3/dce is a Best flexform based content elements since 2012. With TCA mapping feature, simple backend view and much more features which makes it super easy to create own content element types.
Affected versions of this package are vulnerable to SQL Injection. The extension fails to properly sanitize user input.