NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-8726

Summary	The extension fails to properly sanitize user input before using it in a database query. As a result, an unauthenticated attacker can inject arbitrary SQL through a URL parameter on pages using the "Date Menu of news articles" plugin. Exploitation requires the "Date Menu of news articles" plugin to be in use and the TypoScript/Plugin setting disableOverrideDemand not to be enabled.
Publication Date	May 19, 2026, 7:16 p.m.
Registration Date	May 20, 2026, 4:12 a.m.
Last Update	May 19, 2026, 11:47 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://typo3.org/security/advisory/typo3-ext-sa-2026-010	f4fb688c-4412-4426-b4b8-421ecf27b14a

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-89	SQLインジェクション	https://cwe.mitre.org/data/definitions/89.html