[Typo3] SQL Injection

[Michael Scharkow]

Michael Scharkow wrote:

> 1. Announce the vulnerability in public without the details, so I may 
> shut down the Extension or react in other appropriate ways.

Given the the difficulties in judging how much to reveal, it's probably 
doing more harm than not revealing it (although blackhats _do_ get the 
information anyway). So stucki and JoH convinced me ;)

Ekkehard: Replying to myself is not intended as continuing the discussion ;)

Greetings,
Michael