[TYPO3-english] TYPO3 Security Bulletin TYPO3-SA-2010-022
Krystian Szymukowicz
t33k at prolabium.com
Thu Dec 16 15:54:42 CET 2010
hi
I am not usre where to ask for this.
I can not properly measure the risk of : Vulnerable subcomponent #2: PHP
file inclusion protection API
It says "Because of insufficient validation of user input it is possible
to circumvent the check for executable php files in some cases. "
Where the user input comes from? Standard mailform? Any properly made
GET, POST? Or what other place?
Maybe I am not using this part of core so this bug do not touch my installs?
Can anyone put some light on it ?
--
grtz
Krystian Szymukowicz
More information about the TYPO3-english
mailing list