[TYPO3-announce] Security issues in TYPO3 extension Commerce and several other third party extensions

Henning Pingel henning at typo3.org
Mon Oct 20 08:21:28 CEST 2008


Dear users of TYPO3,

Security issues have been discovered in the following third party TYPO3
extensions:

Commerce (commerce),
JobControl (dmmjobcontrol),
Econda Plugin (econda),
Frontend Users View (feusersview),
Mannschaftsliste (kiddog_playerlist),
M1 Intern (m1_intern),
Simple survey (simplesurvey),
Page Improvements (sm_pageimprovements)

For further information, please read the following bulletins:

TYPO3 Collective Security Bulletin TYPO3-20081020-1: Several
vulnerabilities in third party extensions:
<http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/>

TYPO3 Security Bulletin TYPO3-20081020-2: SQL Injection in extension
Commerce (commerce):
<http://typo3.org/teams/security/security-bulletins/typo3-20081020-2/>

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Cookbook:
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>

Make sure you are subscribed to the TYPO3 Announce List:
<http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce>

You can find all TYPO3 security bulletins at:
<http://typo3.org/teams/security/security-bulletins/>

Regards,

Henning Pingel
henning at typo3.org



More information about the TYPO3-announce mailing list