[Typo3] SQL Injection - READ THIS PLEASE.
guembel.remove-this at naw.de
Fri Mar 4 10:48:27 CET 2005
I am writing this as a preliminary statement from the TYPO3 security team.
The issue has been discussed there yesterday, we are in contact with the
author of the faulty extension, a fix will be available today.
Also, there will be an Security Announcement on typo3.org on this matter.
That announcement will also be published on the typo3-announce mailing
list, so in general, everybody is strongly adviced to subscribe to that
(low-volume + moderated) list!
BTW: The general means for reporting presumed security isues to us will
be improved shortly anyway, that has been prepared since Kitzbühel.
--> For now, please stop this public discussion ! <--
Everybody is welcome to volunteer in the security team, though :-)
Taylor, Jeff schrieb:
> Has anybody seen this message and reviewed its validity?
> -----Original Message-----
> From: Fabian Becker [mailto:neonomicus at gmx.de]
> Sent: Thursday, March 03, 2005 12:09 PM
> To: bugtraq at securityfocus.com
> Subject: TYPO3 SQL Injection vunerabilitie
> Hello Bugtraq :)
> Two week ago I found a SQL Inejetion vulnerabilitie in Typo3 (in the
> links-section/module/whatever you call it).
More information about the TYPO3-english