CVE-2026-8827
Published: May 19, 2026
Modified: May 19, 2026
PUBLISHED
Description
The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call this method with untrusted input would expose the site to SQL injection.
| Vendor | Product | Versions |
|---|---|---|
| TYPO3 | Extension "Address List" | affected 10.0.0 - < 10.0.1; affected 9.0.0 - < 9.1.1; affected 0 - < 8.1.2 |
Weaknesses (CWE)
References
https://typo3.org/security/advisory/typo3-ext-sa-2026-012
vendor-advisory