Released on: 2013-06-03
Updated on: 2013-06-26
Affected Systems:
TYPO3 multishop <2.0.39
Description:
--------------------------------------------------------------------------------
Bugtraq id: 60291
CVE (CAN) ID: CVE-2013-4682
TYPO3 is an open-source Content Management System (CMS) and Content Management Framework (CMF).
A SQL injection vulnerability exists in the Multishop extension for TYPO3, version 2.0.39 and earlier. Attackers can exploit this vulnerability to compromise the application, access or modify data, exploit other vulnerabilities in the underlying database, and execute SQL commands.
<* Source: Xavier Perseguers
Link: http://secunia.com/advisories/53441
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009-1/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
TYPO3
-----
TYPO3 has released a security bulletin (typo3-ext-sa-2013-009-1) and corresponding patches for this issue:
typo3-ext-sa-2013-009-1: SQL Injection vulnerability in extension Multishop (multishop)
Link: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-009-1/
Patch download: http://typo3.org/extensions/repository/view/multishop