TYPO3 News & Events Hub
What’s new & what’s comin’
TYPO3-EXT-SA-2019-013: SQL Injection in extension "comsolit Suggest" (comsolit_suggest)
It has been discovered that the extension "comsolit Suggest" (comsolit_suggest) is susceptible to SQL Injection.
TYPO3-EXT-SA-2019-012: Arbitrary file Upload in extension "Yet Another Gallery" (yag)
It has been discovered that the extension "Yet Another Gallery" (yag) is susceptible to Arbitrary File Upload.
TYPO3-EXT-SA-2019-011: SQL Injection in extension "Event Calender" (pits_wd_calender)
It has been discovered that the extension "Event Calender" (pits_wd_calender) is susceptible to SQL Injection.
TYPO3-EXT-SA-2019-010: Cross Site Scripting in extension "Instagram" (ws_instagram)
It has been discovered that the extension "Instagram" (ws_instagram) is susceptible to Cross Site Scripting.
TYPO3-EXT-SA-2019-009: Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)
It has been discovered that the extension "gkh RSS Import" (gkh_rss_import) is susceptible to Cross Site Scripting.
TYPO3-EXT-SA-2019-008: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.
TYPO3-EXT-SA-2019-007: Remote Code Execution in extension "ImageOptimizer" (imageoptimizer)
It has been discovered that the extension "ImageOptimizer" (imageoptimizer) is susceptible to Remote Code Execution.
TYPO3-EXT-SA-2019-006: Open Redirect in extension "Hairu" (hairu)
It has been discovered that the extension "Hairu" (hairu) is susceptible to an Open Redirect.
TYPO3-EXT-SA-2019-005: SQL Injection in extension "Faceted Search" (ke_search)
It has been discovered that the extension "Faceted Search" (ke_search) is susceptible to SQL Injection.
TYPO3-PSA-2019-006: Security Misconfiguration since TYPO3 9.4.0
It has been discovered that TYPO3 is susceptible to security misconfiguration.