Security Advisories
All Advisories
TYPO3-EXT-SA-2016-025: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) has multiple vulnerabilities.
Mehr erfahrenTYPO3-EXT-SA-2016-024: SQL Injection in extension "Events" (jp_events)
It has been discovered that the extension "Events" (jp_events) is susceptible to SQL Injection.
TYPO3-EXT-SA-2016-023: SQL Injection in extension "GN Tactics Planner" (sf_gntactics)
It has been discovered that the extension "GN Tactics Planner" (sf_gntactics) is susceptible to SQL Injection.
TYPO3-CORE-SA-2016-022: Cache Flooding in TYPO3 Frontend
It has been discovered, that TYPO3 is vulnerable to Cache Flooding
TYPO3-CORE-SA-2016-021: Cross-Site Scripting in TYPO3 Backend
It has been discovered, that TYPO3 is vulnerable to Cross-Site Scripting
TYPO3-EXT-SA-2016-022: Arbitrary Code Execution in extension "Frontend User Registration" (sf_register)
TYPO3-EXT-SA-2016-021: Denial of Service in extension "Speaking URLs for TYPO3" (realurl)
It has been discovered that the extension "Speaking URLs for TYPO3" (realurl) is susceptible to Denial of Service.
TYPO3-CORE-SA-2016-020: Cross-Site Scripting in third party library mso/idna-convert
It has been discovered, that TYPO3 ships example code of mso/idna-convert library that is vulnerable to Cross-Site Scripting
TYPO3-CORE-SA-2016-019: Environment Variable Injection
It has been discovered, that PHP exposes the risk of Environment Variable Injection and TYPO3 is vulnerable through third party library guzzlehttp/guzzle
TYPO3-CORE-SA-2016-018: Cross-Site Scripting vulnerability in typolinks
It has been discovered, that TYPO3 is susceptible to Cross-Site Scripting.