[TYPO3-mvc] SQL-Injection orderBy
Christian Baer
chr.baer at googlemail.com
Fri Jun 25 13:44:52 CEST 2010
Hi,
I just wrote the security team. You are right, that was not so clever...
sorry
Regards,
Christian
Am 25.06.10 13:10, schrieb Dmitry Dulepov:
> Hi!
>
> Christian Baer wrote:
>> maybe I just found a possibility for SQL-Injection in
>> Tx_Extbase_Persistence_Storage_Typo3DbBackend, could someone check this
>> please?
>
> Don't disclose security issues, even if you are not sure about them!!! This
> gives attackers ways to attack many sites. Write to security at typo3.org. I
> am sure you saw the message in the Extension Manger that asks to do exactly
> this...
>
More information about the TYPO3-project-typo3v4mvc
mailing list