[Typo3] SQL Injection - READ THIS PLEASE.

Ekkehard Gümbel guembel.remove-this at naw.de
Fri Mar 4 10:48:27 CET 2005

Hi everybody,
I am writing this as a preliminary statement from the TYPO3 security team.

The issue has been discussed there yesterday, we are in contact with the 
author of the faulty extension, a fix will be available today.

Also, there will be an Security Announcement on typo3.org on this matter.
That announcement will also be published on the typo3-announce mailing 
list, so in general, everybody is strongly adviced to subscribe to that 
(low-volume + moderated) list!

BTW: The general means for reporting presumed security isues to us will 
be improved shortly anyway, that has been prepared since Kitzbühel.

--> For now, please stop this public discussion ! <--
Everybody is welcome to volunteer in the security team, though :-)


Taylor, Jeff schrieb:
> Has anybody seen this message and reviewed its validity? 
> -----Original Message-----
> From: Fabian Becker [mailto:neonomicus at gmx.de]
> Sent: Thursday, March 03, 2005 12:09 PM
> To: bugtraq at securityfocus.com
> Subject: TYPO3 SQL Injection vunerabilitie
> Hello Bugtraq :)
> Two week ago I found a SQL Inejetion vulnerabilitie in Typo3 (in the
> links-section/module/whatever you call it).

More information about the TYPO3-english mailing list