[TYPO3-UG Spain] possible sql injection on extension indexedsearch
Olivier Dobberkau
olivier.dobberkau at dkd.de
Thu Jun 20 21:19:12 CEST 2013
Am 20.06.13 16:37, schrieb Nerea Munguira:
> Good afternoon,
>
> After testing with SW IBM Security AppScan Standard 8.7.0.0, there seems to exist a Blind SQL Injection vulnerability in entity “ tx_indexedsearch[sword] (Parameter)” under Typo3 version 4.6.18 extension “Indexed Search Engine 2.13.0” . Would you please kindly advise us whether this is in effect possible? Have you detected such a case in any prior occasion?
>
> Thanking you in advance for your support,
> Regards,
Please do not discus security matters in mailinglists. if you are
thinking that you need advice please check with the TYPO3 CMS Security Team.
http://typo3.org/teams/security/
http://typo3.org/teams/security/contact-us/
best greetings,
Olivier
More information about the TYPO3-UG-Spain
mailing list