VYPR
← All advisories
Unrated severityNVD Advisory· Published Jun 27, 2013· Updated Apr 29, 2026

CVE-2013-4720

CVE-2013-4720

Description

SQL injection in TYPO3 WEC Discussion Forum extension allows remote unauthenticated attackers to execute arbitrary SQL commands; fixed in version 2.1.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in TYPO3 WEC Discussion Forum extension allows remote unauthenticated attackers to execute arbitrary SQL commands; fixed in version 2.1.2.

Vulnerability

The WEC Discussion Forum extension (wec_discussion) for TYPO3 contains a SQL injection vulnerability in versions 2.1.1 and all versions below. The vulnerability exists through unspecified vectors in the extension's handling of input, allowing an attacker to inject malicious SQL statements.

Exploitation

An attacker can exploit this vulnerability remotely without requiring authentication or any special privileges. By sending crafted input to the vulnerable parameters, the attacker can manipulate SQL queries executed by the extension.

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands on the underlying database. This can lead to unauthorized reading and modification of data, disclosure of sensitive information, and potentially privilege escalation within the TYPO3 instance.

Mitigation

The vulnerability is fixed in version 2.1.2 of the WEC Discussion Forum extension, which is available from the TYPO3 extension manager and at the extension repository [1]. Users should update to this version immediately. No workaround is provided for versions prior to 2.1.2.

References
  1. Several vulnerabilities in third party extensions

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

12
  • Webempoweredchurch/Wec Discussion11 versions
    cpe:2.3:a:webempoweredchurch:wec_discussion:*:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:webempoweredchurch:wec_discussion:*:*:*:*:*:*:*:*range: <=2.1.1
    • cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:webempoweredchurch:wec_discussion:1.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:webempoweredchurch:wec_discussion:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:webempoweredchurch:wec_discussion:2.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:webempoweredchurch:wec_discussion:2.1.0:*:*:*:*:*:*:*
  • TYPO3/Wec Discussion Forumllm-fuzzy
    Range: <2.1.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

5

News mentions

0

No linked articles in our index yet.