[TYPO3-mvc] SQL-Injection orderBy

Dmitry Dulepov dmitry.dulepov at gmail.com
Fri Jun 25 13:10:11 CEST 2010


Hi!

Christian Baer wrote:
> maybe I just found a possibility for SQL-Injection in
> Tx_Extbase_Persistence_Storage_Typo3DbBackend, could someone check this
> please?

Don't disclose security issues, even if you are not sure about them!!! This
gives attackers ways to attack many sites. Write to security at typo3.org. I
am sure you saw the message in the Extension Manager that asks to do exactly
this...

-- 
Dmitry Dulepov
TYPO3 expert / TYPO3 core&security teams member
Twitter: http://twitter.com/dmitryd
Read more @ http://dmitry-dulepov.com/

