[TYPO3-announce] Remote Code Execution and Denial of Service Vulnerabilities found in TYPO3 Core

TYPO3 Security Team security at typo3.org
Wed Oct 22 10:53:46 CEST 2014

Dear TYPO3 users!

It has been discovered that TYPO3 Core had Remote Code Execution and Denial of Service Vulnerabilities.

Only TYPO3 installations with openid extension enabled or "sendmail" transport mail configuration (both not enabled by default) are affected.

For more details on the issues please read the accordant advisory:

TYPO3 Security Bulletin TYPO3-CORE-SA-2014-002: TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS

In general the TYPO3 Security Team recommends to read the following pages:

The TYPO3 Security Guide:

See all TYPO3 security advisories:


Helmut Hummel
Member of the TYPO3 Security Team

TYPO3-announce mailing list
TYPO3-announce at lists.typo3.org

More information about the TYPO3-announce mailing list