[Typo3] SQL Injection - READ THIS PLEASE.
news.netfielders.de at stefan-neufeind.de
Fri Mar 4 15:09:21 CET 2005
Ekkehard Gümbel wrote:
> Cross-Post, FYI
> TYPO3 Security Announcement
> Date: Fri Mar 4 14:20:59 CET 2005
> Affected Extension Name: cmw_linklist
> Version: 1.4.1 and earlier
> Component Type: Third Party Extension
> This extension is third party code that has not been submitted to the
> TYPO3 extension review process yet.
> The extension is not part of TYPO3 default installations.
> Vulnerability Type: SQL injection
> Severity: High
> Problem Description:
> An issue has been reported where a bug in the "cmw_linklist"
> extension allows SQL injection attacks. In specific situations, a
> remote offender can cause malicious database operations.
> An updated version of the extension can be found on
> http://typo3.org/extensions/repository/list/cmw_linklist/ or via
> Extension Manager.
> All users of this extension are strongly advised to immediatly update
> this extension.
For reference - it was also announced here:
More information about the TYPO3-english