Security Advisories
All Advisories
SECURITY-BULLETIN-TYPO3-20050725-1: Security Bulletin TYPO3-20050725-1
Possible Information leak. The TYPO3 Security Team has issued another security bulletin which explains and fixes a possible problem with a debug script in TYPO3.
Read moreTYPO3-20050725-1: TYPO3 Security Bulletin
A debug script exposes system information provided by phpinfo(). By default, the script can be executed by a remote user.
TYPO3-20050307-1: TYPO3 Security Bulletin
Unless the default encryption key settings have been changed by the administrator, the TYPO3 mailform can be compromised to send mail to a wrong receipient. Thus, spam mails may be sent from a remote site.
TYPO3-20050304-1: TYPO3 Security Bulletin
An issue has been reported where a bug in the "cmw_linklist" extension allows SQL injection attacks. In specific situations, a remote offender can cause malicious database operations.