Security Advisories

• TYPO3 Extensions

TYPO3-EXT-SA-2014-001: Several vulnerabilities in extension mm_forum (mm_forum)

• Marcus Krause

12 February 2014

It has been discovered that the extension "mm_forum" (mm_forum) is vulnerable to Arbitrary Code Execution, Cross-Site Scripting and Cross-Site Request Forgery

Read more

• The Project
• Public Service Announcement

TYPO3-PSA-2014-001: Cross-Site Request Forgery Protection in TYPO3 CMS 6.2

• 

28 January 2014

TYPO3 CMS 6.2 will get CSRF Protection throughout all modules and parts that manipulate data.

• Product Updates & Roadmap
• TYPO3 CMS

TYPO3-CORE-SA-2013-004: Multiple Vulnerabilities in TYPO3 CMS

• Helmut Hummel

10 December 2013

It has been discovered that TYPO3 CMS is vulnerable to Cross-Site Scripting, Information Disclosure, Mass Assignment, Open Redirection and Insecure Unserialize.

• TYPO3 Extensions

TYPO3-EXT-SA-2013-018: Several vulnerabilities in extension AWStats (cc_awstats)

• Marcus Krause

25 September 2013

It has been discovered that the extension "AWStats" (cc_awstats) contains an unspecific vulnerability in the bundled AWStats version.

• TYPO3 Extensions

TYPO3-EXT-SA-2013-017: Several vulnerabilities in third party extensions

• Marcus Krause

25 September 2013

Several vulnerabilities have been found in the following third-party TYPO3 extensions: booking, cronmm_ratsinfo, ics_awstats, iflowgallery, ke_userregister, meta_beawstatsind, powermail_optin, smarty, youtubevideos

• TYPO3 Extensions

TYPO3-EXT-SA-2013-016: SQL Injection vulnerability in extension Formhandler (formhandler)

• Marcus Krause

25 September 2013

It has been discovered that the extension "Formhandler" (formhandler) is vulnerable to SQL-Injection.

• TYPO3 Extensions

TYPO3-EXT-SA-2013-015: SQL Injection vulnerability in extension RealURL: speaking paths for TYPO3 (realurl)

• Marcus Krause

25 September 2013

It has been discovered that the extension "RealURL: speaking paths for TYPO3" (realurl) is vulnerable to SQL-Injection.

• TYPO3 Extensions

TYPO3-EXT-SA-2013-014: Information Disclosure in extension Direct Mail (direct_mail)

• Marcus Krause

25 September 2013

It has been discovered that the extension "Direct Mail" (direct mail) is susceptible to Information Disclosure

• TYPO3 Extensions

TYPO3-EXT-SA-2013-009: Several vulnerabilities in extension Apache Solr for TYPO3 (solr)

• Marcus Krause

25 September 2013

It has been discovered that the extension "Apache Solr for TYPO3" (solr) is vulnerable to Cross-Site Scripting and Insecure Unserialize.

• Product Updates & Roadmap
• TYPO3 CMS

TYPO3-CORE-SA-2013-003: Incomplete Access Management and Remote Code Execution Vulnerability in TYPO3 Core

• Helmut Hummel

04 September 2013

It has been discovered that TYPO3 Core has Incomplete Access Management and is vulnerable to Remote Code Execution