TYPO3 News & Events Hub
What’s new & what’s comin’
TYPO3 v6.2.47 and 7.6.40 ELTS Released
Still sticking to an older version of TYPO3? There may be good reasons for doing so. Today, TYPO3 v6.2.47 and 7.6.40 ELTS have been released. Staying on top of maintenance and security updates should be a top priority - Gain peace of mind by opting for one of TYPO3 GmbH’s Extended Support offers!
Read moreTYPO3-EXT-SA-2019-023: CSRF in extension "femanager" (femanager)
It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site-Request-Forgery (CSRF).
TYPO3-EXT-SA-2019-022: Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)
It has been discovered that the extension "femanager direct mail subscription" (femanager_dmail_subscribe) is susceptible to Privilege Escalation.
TYPO3-EXT-SA-2019-021: Cross Site Scripting in extension "File List" (file_list)
It has been discovered that the extension "File List" (file_list) is susceptible to Cross Site Scripting.
TYPO3-EXT-SA-2019-020: CSRF in extension "Change password for frontend users" (fe_change_pwd)
It has been discovered that the extension "Change password for frontend users" (fe_change_pwd) is susceptible to Cross-Site-Request-Forgery (CSRF).
TYPO3-EXT-SA-2019-019: Multiple vulnerabilities in extension "MKSamlAuth" (mksamlauth)
It has been discovered that the extension "MKSamlAuth" (mksamlauth) is susceptible to Broken Authentication and Authentication Bypass.
TYPO3 10.2.2, 9.5.13 and 8.7.30 security releases published
The TYPO3 Community announces the versions 10.2.2, 9.5.13 LTS and 8.7.30 LTS of the TYPO3 Enterprise Content Management System.
TYPO3-CORE-SA-2019-026: Insecure Deserialization in Query Generator & Query View
It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
TYPO3-CORE-SA-2019-025: SQL Injection in low-level Query Generator
It has been discovered that TYPO3 CMS is vulnerable to SQL injection.
TYPO3-CORE-SA-2019-024: Directory Traversal on ZIP extraction
It has been discovered that TYPO3 CMS is vulnerable to directory traversal.