Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
Categories:
Security
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).
Please read the entire Security Bulletin here:
Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core
We also recommend that you subscribe to the TYPO3 Announce List to receive all future Security Bulletins and other important TYPO3 news.