CVE-2017-7581
CVE-2017-7581
Vexday Risk Score
30Low
SSVC decision (CISA)
Attend
PoC available → attend closely
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 48.4%KEV nãoPoC —Nuclei —Metasploit simPatch —
Lifecycle
06 Apr 2017Metasploit module available
07 Apr 2017Published on NVD
Recommendation: Plan a near-term fix — a public PoC already exists.
SQL injection vulnerability in NewsController.php in the News module 5.3.2 and earlier for TYPO3 allows unauthenticated users to execute arbitrary SQL commands via vectors involving overwriteDemand for order and OrderByAllowed.
Affected products
n/a · n/a