SQL Injection Affecting t3/dce package, versions >=2.7.0, <2.7.1 and >=2.2.0, <2.6.2


Severity: high

Snyk CVSS

  • Attack Complexity: Low
  • Confidentiality: High

Threat Intelligence

  • EPSS: 0.1% (42nd percentile)

NVD: 4.9 medium

  • Snyk ID SNYK-PHP-T3DCE-1300840
  • published 9 Jun 2021
  • disclosed 8 Jun 2021
  • credit Excellium Services

How to fix?

Upgrade t3/dce to version 2.7.1, 2.6.2 or higher.
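
To confirm whether a project needs this upgrade, the installed version can be read from `composer.lock` and compared against the affected ranges. The script below is an added example, not code from Snyk or from the t3/dce project; the function names and the sample lock fragment are constructed for illustration, and it assumes a standard Composer lock file.

```python
import json
import re

# Ranges and package name taken from this advisory; everything else is illustrative.
PACKAGE = "t3/dce"
AFFECTED = [((2, 2, 0), (2, 6, 2)), ((2, 7, 0), (2, 7, 1))]  # [low, high)

def is_affected(raw):
    """True/False for an exact x.y.z release, None when the version cannot be
    decided from the string (branch aliases such as dev-master, pre-releases)."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", raw.strip())
    if not m:
        return None
    version = tuple(int(part) for part in m.groups())
    return any(low <= version < high for low, high in AFFECTED)

def check_lock(lock_text):
    """Return [(version, verdict)] for every t3/dce entry in composer.lock text."""
    lock = json.loads(lock_text)
    findings = []
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section) or []:
            if pkg.get("name", "").lower() == PACKAGE:
                version = pkg.get("version", "")
                findings.append((version, is_affected(version)))
    return findings

# Constructed composer.lock fragment, not taken from a real project.
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "t3/dce", "version": "2.6.1"},
        {"name": "example/other", "version": "v1.0.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    for version, verdict in check_lock(SAMPLE_LOCK):
        label = {True: "AFFECTED, upgrade", False: "not affected", None: "review manually"}[verdict]
        print(f"{PACKAGE} {version}: {label}")
```

A `None` verdict means the lock file pins a branch or pre-release rather than a tagged release, so the installed commit has to be checked by hand.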

Overview

t3/dce describes itself as the best FlexForm-based content elements since 2012, with a TCA mapping feature, a simple backend view and many more features that make it easy to create your own content element types.

Affected versions of this package are vulnerable to SQL Injection. The extension fails to properly sanitize user input.