[Typo3] SQL Injection - READ THIS PLEASE.

Ekkehard Gümbel guembel.remove-this at naw.de
Fri Mar 4 15:06:33 CET 2005


Cross-Post, FYI

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

TYPO3 Security Announcement

TYPO3-20050304-1
Date: Fri Mar  4 14:20:59 CET 2005

Affected Extension Name: cmw_linklist
Version: 1.4.1 and earlier
Component Type: Third Party Extension
This extension is third party code that has not been submitted to the
TYPO3 extension review process yet.
The extension is not part of TYPO3 default installations.

Vulnerability Type: SQL injection
Severity: High

Problem Description:
An issue has been reported where a bug in the "cmw_linklist"
extension allows SQL injection attacks. In specific situations, a
remote offender can cause malicious database operations.

Solution:
An updated version of the extension can be found on
http://typo3.org/extensions/repository/list/cmw_linklist/ or via
Extension Manager.
All users of this extension are strongly advised to immediatly update
this extension.

Regards,
Ekkehard Guembel
TYPO3 Security Team



This information comes with ABSOLUTELY NO WARRANTY.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Security 7.0.3

iQA/AwUBQihj96Tmi1gh+z/VEQKFLgCgpxNOjkVjdY56PsfbTyE1bc/E64IAoLUh
gCbmtuN2722sJEBC0cko9xuG
=ZWni
-----END PGP SIGNATURE-----



More information about the TYPO3-english mailing list