CVE-2022-35628
published 2022-07-12CVE-2022-35628: A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.
PriorityP268critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
25.82%
97.7th percentile
A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| in2code | living_user_experience | < 17.6.1 | 17.6.1 |
| in2code | living_user_experience | >= 18.0.0 < 24.0.2 | 24.0.2 |
| in2code | lux | >= 0 < 17.6.1 | 17.6.1 |
| in2code | lux | >= 18.0.0 < 24.0.2 | 24.0.2 |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
ghsa·2022-07-15
CVE-2022-35628 [CRITICAL] CWE-89 SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.
OSV
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
osv·2022-07-15
CVE-2022-35628 [CRITICAL] SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
SQL Injection in typo3 extension "LUX - TYPO3 Marketing Automation"
A SQL injection issue was discovered in the lux extension before 17.6.1, and 18.x through 24.x before 24.0.2, for TYPO3.
Suricata
ET HUNTING Microsoft Windows MSHTML Platform Remote Code Execution (CVE-2023-35628)
suricata·2025-01-21·CVSS 8.1
CVE-2023-35628 [HIGH] ET HUNTING Microsoft Windows MSHTML Platform Remote Code Execution (CVE-2023-35628)
ET HUNTING Microsoft Windows MSHTML Platform Remote Code Execution (CVE-2023-35628)
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET HUNTING Microsoft Windows MSHTML Platform Remote Code Execution (CVE-2023-35628)"; flow:established,to_client; http.response_body; content:"file|3a 2f 2f 2e 2f|UNC|2f|C|3a 2f|"; reference:url,www.akamai.com/blog/security-research/critical-vulnerability-create-uri-remote-code-execution; reference:cve,2023-35628; classtype:bad-unknown; sid:2059362; rev:1; metadata:affected_product Windows_11, affected_product Windows_Server_2019, affected_product Windows_Server_2022, affected_product Windows_Server_2016, affected_product Windows_10, affected_product Windows_Server_2012, attack_target Client_Endpoint, tls_state TLSDecrypt, created_at 2025_01_21, cve
No public exploits indexed.
No writeups or analysis indexed.
2022-07-12
Published