[TYPO3-UG Spain] possible sql injection on extension indexedsearch
Nerea Munguira
n.munguira at sarenet.es
Thu Jun 20 16:37:43 CEST 2013
Good afternoon,
After testing with SW IBM Security AppScan Standard 8.7.0.0, there seems to exist a Blind SQL Injection vulnerability in entity “ tx_indexedsearch[sword] (Parameter)” under Typo3 version 4.6.18 extension “Indexed Search Engine 2.13.0” . Would you please kindly advise us whether this is in effect possible? Have you detected such a case in any prior occasion?
Thanking you in advance for your support,
Regards,
More information about the TYPO3-UG-Spain
mailing list