CVE-2026-8827 – SQL Injection in extension “Address List” (tt_address)

CVE ID :CVE-2026-8827

Published : May 19, 2026, 10:16 a.m. | 44 minutes ago

Description :The AddressRepository::getSqlQuery() method constructs a database query without properly sanitizing user input, leading to SQL Injection. The method is not invoked anywhere within the extension itself and therefore poses no direct risk in a default installation. However, custom extensions that call this method with untrusted input would expose the site to SQL injection.

Severity: 8.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…