CVE-2011-1722
Description
SQL injection vulnerabilities in the WEC Discussion Forum TYPO3 extension (wec_discussion) ≤2.1.0 allow remote attackers to execute arbitrary SQL commands.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The WEC Discussion Forum (wec_discussion) TYPO3 extension version 2.1.0 and earlier contains multiple SQL injection vulnerabilities. The flaw exists in unspecified components of the extension, allowing unsanitized input to be passed directly to SQL queries. The vulnerability was actively exploited in the wild in April 2011 [1].
Exploitation
An attacker can exploit these vulnerabilities remotely without authentication or special privileges. By crafting malicious input to the affected parameters (not publicly specified), they can inject arbitrary SQL commands into the database query. The vector can be triggered via HTTP requests to the forum functionality [1].
Impact
Successful exploitation allows an attacker to execute arbitrary SQL commands against the underlying database, potentially leading to information disclosure, data modification, or further compromise of the TYPO3 installation. The attacker can access, modify, or delete sensitive data stored in the database [1].
Mitigation
The vulnerability is fixed in version 2.1.1 of the extension, released after the in-the-wild exploitation [2]. Users should upgrade to wec_discussion 2.1.1 or later immediately. No official workaround is available for older versions [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:webempoweredchurch:wec_discussion:*:*:*:*:*:*:*:* (range: <=2.1.0)
- cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:webempoweredchurch:wec_discussion:1.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.4:*:*:*:*:*:*:*
- Range: <=2.1.0
Patches
No patches discovered yet.
References
- secunia.com/advisories/44055 (nvd, Vendor Advisory)
- typo3.org/extensions/repository/view/wec_discussion/2.1.1/ (nvd, Vendor Advisory)
- typo3.org/teams/security/security-bulletins/typo3-sa-2011-003/ (nvd, Vendor Advisory)
- www.vupen.com/english/advisories/2011/0896 (nvd, Vendor Advisory)
- osvdb.org/71674 (nvd)
- www.securityfocus.com/bid/47257 (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/66619 (nvd)