[Typo3-announce] Security Bulletin TYPO3-20051107-2: th_mailformplus
Ekkehard Gümbel
ekki at typo3.org
Mon Nov 7 16:51:43 CET 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Security Bulletin TYPO3-20051107-2: th_mailformplus
http://typo3.org/teams/security/security-bulletins/typo3-20051107-2/
Component Type: Third Party Extension. This extension is third party code
that has not been submitted to the TYPO3 extension review process yet. The
extension is not part of TYPO3 default installations.
Affected Components: th_mailformplus
Versions: th_mailformplus versions 3.6.1 and earlier
Vulnerability Type: Potential Spam Abuse
Severity: Low
Problem Description:
A weakness in the form validation of th_mailformplus has been discovered
that may be abused to inject additional recipients in mail forms.
Solution:
An updated version (th_mailformplus version 3.7.0) can be found on
typo3.org/extensions/repository/list/th_mailformplus or via Extension
Manager. All users of this extension are advised to immediatly update.
Credits:
Thanks to Joerg Schoppet for notifying us; thanks to Peter Luser for
providing a fixed version.
Regards,
Ekkehard Guembel
TYPO3 Security Team
- -> This information comes with ABSOLUTELY NO WARRANTY.
- -> Visit http://typo3.org/teams/security/security-bulletins
-----BEGIN PGP SIGNATURE-----
iQA/AwUBQ29T2bacx8F96kPgEQI/+ACg6IABY9slN/TeeXT5eYSvub5zYn8AoL7U
ogaaIAExl2mwUNpaGJ+FfNXA
=eUTJ
-----END PGP SIGNATURE-----
More information about the TYPO3-announce
mailing list