[TYPO3-announce] TYPO3 Security Bulletin 20070919-1: Multiple vulnerabilities in extension mm_forum

Lars Houmark lars at typo3.org
Wed Sep 19 15:20:44 CEST 2007


Dear users of TYPO3,

It has been discovered that the extension mm_forum is vulnerable to  
multiple SQL Injection attacks and multiple XSS flaws alongside other  
vulnerabilities.

==== Component Type ====
Third party extension. This extension is not part of the TYPO3  
default installation.

==== Affected Versions ====
Version 0.1.2 and all earlier versions.

==== Vulnerability Type ====
SQL Injection, Cross Site Scripting.

==== Severity ====
HIGH

==== Problem Description ====
The extension is open to multiple SQL injections and Cross Site  
Scripting flaws because it fails to properly sanitize user-supplied  
input.
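
To illustrate the defect class the bulletin names (request input reaching SQL and HTML without sanitizing), here is an added example written against the TYPO3 4.x extension API of the time; it is not code from mm_forum, and the table name tx_example_forum_topics and the request parameter names are hypothetical.

```php
<?php
// Added illustration, not mm_forum code. Assumes the TYPO3 4.x API
// (t3lib_div::_GP, $GLOBALS['TYPO3_DB']) and a hypothetical table
// "tx_example_forum_topics" with columns uid, forum_id, author, subject.

// Defect class from the bulletin: request parameters concatenated
// straight into the WHERE clause and echoed straight back into HTML.
function listTopicsUnsafe() {
    $forumId = t3lib_div::_GP('forum');               // attacker-controlled
    $author  = t3lib_div::_GP('author');              // attacker-controlled
    $where   = "forum_id = " . $forumId
             . " AND author = '" . $author . "'";     // SQL injection
    $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
        'uid, subject', 'tx_example_forum_topics', $where);
    $out = '';
    while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
        $out .= '<li>' . $row['subject'] . '</li>';   // XSS: stored subject unescaped
    }
    $GLOBALS['TYPO3_DB']->sql_free_result($res);
    return $out;
}

// Hardened form: numeric input cast to int, string input quoted by the
// DB layer (fullQuoteStr escapes and wraps in quotes), and every value
// run through htmlspecialchars() at the point it becomes HTML.
function listTopicsSafe() {
    $forumId = intval(t3lib_div::_GP('forum'));
    $author  = t3lib_div::_GP('author');
    $where   = 'forum_id = ' . $forumId;
    if (strlen($author)) {
        $where .= ' AND author = '
                . $GLOBALS['TYPO3_DB']->fullQuoteStr($author, 'tx_example_forum_topics');
    }
    $res = $GLOBALS['TYPO3_DB']->exec_SELECTquery(
        'uid, subject', 'tx_example_forum_topics', $where);
    $out = '';
    while ($row = $GLOBALS['TYPO3_DB']->sql_fetch_assoc($res)) {
        $out .= '<li>' . htmlspecialchars($row['subject']) . '</li>';
    }
    $GLOBALS['TYPO3_DB']->sql_free_result($res);
    return $out;
}
```

The same rule applies to every other parameter a forum extension reads (post ids, page numbers, sort fields): cast, quote or whitelist it before it reaches the query, and escape it again on output.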

Please note that the TYPO3 Security Team has not done a complete  
review of the extension, due to lack of time and funding for this.

Please contact the TYPO3 Security Team if you are able to donate  
money to our work, e.g. to fund a review of this extension.

==== Solution ====
An updated version is available from the TYPO3 extension manager and at
http://typo3.org/extensions/repository/view/mm_forum/0.1.3/

==== General advice ====
Follow the recommendations that are given in the TYPO3 Security  
Cookbook [1].
Keep an eye on the TYPO3 security bulletin page [2].

==== Credits ====
The TYPO3 Security Team wishes to thank the guys at Mittwald CM  
Service. After being informed by the TYPO3 Security Team about the  
presence of multiple security issues, they have fixed the issues  
quickly, and also reviewed the full code of mm_forum, to eliminate  
further security issues.

[1] http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf
[2] http://typo3.org/teams/security/security-bulletins/

Regards,

Lars Houmark
lars at typo3.org
