[Typo3] SQL Injection - READ THIS PLEASE.

Stefan Neufeind news.netfielders.de at stefan-neufeind.de
Fri Mar 4 15:09:21 CET 2005


Ekkehard Gümbel wrote:
> Cross-Post, FYI
> 
> TYPO3 Security Announcement
> 
> TYPO3-20050304-1
> Date: Fri Mar  4 14:20:59 CET 2005
> 
> Affected Extension Name: cmw_linklist
> Version: 1.4.1 and earlier
> Component Type: Third Party Extension
> This extension is third party code that has not been submitted to the
> TYPO3 extension review process yet.
> The extension is not part of TYPO3 default installations.
> 
> Vulnerability Type: SQL injection
> Severity: High
> 
> Problem Description:
> An issue has been reported where a bug in the "cmw_linklist"
> extension allows SQL injection attacks. In specific situations, a
> remote offender can cause malicious database operations.
> 
> Solution:
> An updated version of the extension can be found on
> http://typo3.org/extensions/repository/list/cmw_linklist/ or via
> Extension Manager.
> All users of this extension are strongly advised to immediatly update
> this extension.

For reference - it was also announced here:
http://secunia.com/advisories/14465/


Regards,
 Stefan



More information about the TYPO3-english mailing list