typo3/cms is vulnerable to SQL injection. The vulnerability is due to a flaw in the database escaping API when configured for MySQL passthrough mode, which affects all queries using DatabaseConnection::sql_query, even if arguments were properly escaped with…Read More