Hi, If you think you found a security issue in either the core or an extension it's best to contact the Security Team directly and not discuss things in public. [1] https://typo3.org/teams/security/ -- Jigal van Hemert TYPO3 Core Team member TYPO3 .... inspiring people to share! Get involved: typo3.org