Security Advisories

• Developer & Technology
• TYPO3 CMS

TYPO3-CORE-SA-2020-002: Cross-Site Scripting in Form Engine

• Oliver Hader

12 Mai 2020

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.

Mehr erfahren

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-006: Broken Access Control in extension "gForum" (g_forum)

• Torben Hansen

12 Mai 2020

It has been discovered that the extension "gForum" (g_forum) is susceptible to Broken Access Control.

• Developer & Technology
• TYPO3 CMS

TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

• Oliver Hader

12 Mai 2020

It has been discovered that TYPO3 CMS is susceptible to information disclosure.

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)

• Torben Hansen

12 Mai 2020

It has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Denial of Service, Broken Access Control, Open Redirect and Information Disclosure.

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin)

• Torben Hansen

12 Mai 2020

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to SQL Injection.

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-003: Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook)

• Torben Hansen

10 März 2020

It has been discovered that the extension "Magalone Flipbook for TYPO3" (magaloneflipbook) is susceptible to Remote Code Execution, Arbitrary File Upload, Path Traversal and Broken Access Control.

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-002: Remote Code Execution in extension "PHPUnit" (phpunit)

• Torben Hansen

10 März 2020

It has been discovered that the extension "PHPUnit" (phpunit) is susceptible to Remote Code Execution.

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2020-001: SQL Injection in extension "phpmyadmin" (phpmyadmin)

• Torben Hansen

10 März 2020

It has been discovered that the extension "phpmyadmin" (phpmyadmin) is susceptible to SQL Injection.

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2019-023: CSRF in extension "femanager" (femanager)

• Torben Hansen

17 Dezember 2019

It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site-Request-Forgery (CSRF).

• Developer & Technology
• TYPO3 Extensions

TYPO3-EXT-SA-2019-022: Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)

• Torben Hansen

17 Dezember 2019

It has been discovered that the extension "femanager direct mail subscription" (femanager_dmail_subscribe) is susceptible to Privilege Escalation.