CVE-2022-35628: SQL Injection
First published: Tue Jun 14 2022(Updated: )
TYPO3-EXT-SA-2022-014: SQL Injection in extension "LUX - TYPO3 Marketing Automation" (lux)
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| composer/in2code/lux | >=18.0.0<24.0.2<17.6.1 | |
| In2code Living User Experience | <17.6.1 | |
| In2code Living User Experience | >=18.0.0<24.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-35628?
CVE-2022-35628 is classified as a high severity SQL injection vulnerability that can lead to unauthorized access to the database.
How do I fix CVE-2022-35628?
To fix CVE-2022-35628, upgrade the 'lux' extension to version 17.6.1 or higher, or version 24.0.2 or higher.
Which versions are affected by CVE-2022-35628?
CVE-2022-35628 affects 'lux' extension versions prior to 17.6.1 and between 18.0.0 and 24.0.1.
What is the impact of CVE-2022-35628?
The impact of CVE-2022-35628 includes potential data leakage and unauthorized manipulation of the TYPO3 database.
Was CVE-2022-35628 publicly disclosed?
Yes, CVE-2022-35628 was publicly disclosed as part of TYPO3 security advisory TYPO3-EXT-SA-2022-014.
- collector/friends-of-php
- collector/nvd-index
- agent/references
- package-manager/composer
- vendor/in2code
- canonical/in2code living user experience
- version/in2code living user experience/18.0.0