Wiz
Vulnerability DatabaseCVE-2021-38302

CVE-2021-38302
PHP vulnerability analysis and mitigation

Overview

The Newsletter extension through version 4.0.0 for TYPO3 contains a SQL Injection vulnerability when processing bounced emails. The vulnerability was discovered in August 2021 and assigned CVE-2021-38302. The issue affects all versions up to and including 4.0.0 of the Newsletter extension (Vendor Advisory).

Technical details

The vulnerability is classified as a SQL Injection with a CVSS v3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability is tracked as CWE-89 (Improper Neutralization of Special Elements used in an SQL Command) (NVD).

Impact

The vulnerability could allow an attacker to execute arbitrary SQL commands in the context of the database user when processing bounced emails. This could potentially lead to unauthorized access, modification, or deletion of data in the database (Vendor Advisory).

Mitigation and workarounds

Since the extension is unmaintained, the recommended mitigation is to completely uninstall and delete the extension folder from the TYPO3 installation. Users should search for alternative extensions in the TYPO3 Extension Repository. All vulnerable versions have been removed from the TYPO3 Extension Repository to prevent further downloads (Vendor Advisory).

Additional resources

SourceThis report was generated using AI

Related PHP vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

GHSA-898v-775g-777cCRITICAL9.4
  • PHPPHP
  • neuron-core/neuron-ai
NoYesDec 09, 2025
GHSA-5j8p-438x-rgg5CRITICAL9.3
  • PHPPHP
  • onelogin/php-saml
NoYesDec 09, 2025
GHSA-j8g6-5gqc-mq36HIGH8.2
  • PHPPHP
  • neuron-core/neuron-ai
NoYesDec 09, 2025
GHSA-pvcv-q3q7-266gHIGH8.1
  • PHPPHP
  • filament/filament
NoYesDec 09, 2025
GHSA-6w82-v552-wjw2HIGH7.1
  • PHPPHP
  • shopware/shopware
NoYesDec 09, 2025

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo