← back
CVE-2017-7581

CVE-2017-7581

EPSS 48.4%
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS EPSS 48.4%KEV nãoPoC Nuclei Metasploit simPatch
Lifecycle
06 Apr 2017Metasploit module available
07 Apr 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
Affected products
n/a · n/a