[TYPO3-dev] [ANN] TYPO3 Security Bulletin TYPO3-20061220-1: Remote Command Execution in TYPO3

[Jonas Dübi]

Hello Martin

I think so, because the vulnerability can be exploited as soon as all 
the needed php files are available. That's why you have to check if 
there is an old version of rtehtmlarea in typo3/ext or typo3/sysext, 
even if you updated the rtehtmlarea within typo3conf/ext.

Greetings from switzerland
Jonas

Martin Ficzel schrieb:
> is it also recommended to delete unused (not symlinked) versions of the
> typo3 source wich are on the webserver ?
> 
> regards Martin