[TYPO3-dev] TYPO3 Security Bulletin 20070221-1: Email header injection
Tom Walter
t3 at wnets.de
Wed Feb 21 22:07:15 CET 2007
Lars Houmark wrote:
> A problem has been discovered where the internal form engine can be used
> for sending arbitrary mail headers, using it for purposes which it is
> not meant for.
> ==== Severity ====
> low
>
> ==== Solution ====
> Update to TYPO3 version 4.0.5 or later by downloading it at:
> http://typo3.org/download/packages/
Thanks to those who discovered and fixed this issue.
Are there any ways to fix this issue in older versions without upgrading
to 4.05? (like the rte-fix in December 2006 which was provided for
different versions)
Could you explain the risk a bit more specifically?
What consequences could an attack have when you rate it with severity low?
Thanks,
Tom