CVE-2013-4748: News system (news) extension for TYPO3 vulnerable to SQL Injection

May 17, 2022 (updated April 12, 2025)

SQL injection vulnerability in the News system (news) extension before 1.3.3 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

exchange.xforce.ibmcloud.com/vulnerabilities/81192
github.com/advisories/GHSA-rg6g-v4xm-g49q
github.com/georgringer/news
nvd.nist.gov/vuln/detail/CVE-2013-4748
web.archive.org/web/20130214093535/http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001

Code Behaviors & Features

Detect and mitigate CVE-2013-4748 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →