Release date:
Updated on:
Affected Systems:
TYPO3 T3 jQuery extension <= 2.2.0
Description:
--------------------------------------------------------------------------------
Bugtraq id: 57280
TYPO3 is an open-source content management system (CMS) and content management framework (CMF).
The TYPO3 T3 jQuery extension, version 2.2.0 and earlier, passes user-controlled input to unserialize(), which can be exploited to execute arbitrary PHP code.
<* Source: vendor
Link: http://secunia.com/advisories/51835/
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
TYPO3
-----
TYPO3 has released a security bulletin (TYPO3-EXT-SA-2013-001) and corresponding patches for this issue:
TYPO3-EXT-SA-2013-001: Several vulnerabilities in third party extensions
Link: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-001/
Patch download: http://typo3.org/extensions/repository/view/news/1.3.3/
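
Added example (not the extension's code and not the vendor patch): the unsafe pattern named in the description next to two safer ways of accepting client-supplied state in PHP 8. All function names, the demo key and the sample settings are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical demo key; a real deployment loads a random secret from configuration.
const DEMO_HMAC_KEY = 'constructed-demo-key';

// Unsafe pattern from the description: the sender decides which classes are
// instantiated, so their magic methods (__wakeup, __destruct) run on sender-shaped objects.
function loadSettingsUnsafe(string $raw): mixed
{
    return unserialize($raw);
}

// Safer: JSON carries data only, and an HMAC binds the value to this server.
function packSettings(array $settings): string
{
    $json = json_encode($settings, JSON_THROW_ON_ERROR);
    return base64_encode($json) . '.' . hash_hmac('sha256', $json, DEMO_HMAC_KEY);
}

// Verify the MAC in constant time before parsing anything.
function loadSettingsSafe(string $token): ?array
{
    $parts = explode('.', $token, 2);
    $json = count($parts) === 2 ? base64_decode($parts[0], true) : false;
    if ($json === false || !hash_equals(hash_hmac('sha256', $json, DEMO_HMAC_KEY), $parts[1])) {
        return null;
    }
    try {
        $data = json_decode($json, true, 16, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
    return is_array($data) ? $data : null;
}

// Stop-gap for a legacy serialized format: allowed_classes => false turns every
// object into __PHP_Incomplete_Class, so no class code runs during decoding.
function loadLegacySerialized(string $raw): ?array
{
    $data = @unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Constructed sample: one token as issued, one altered after issuing.
$token = packSettings(['theme' => 'smoothness', 'compress' => true]);
var_dump(loadSettingsSafe($token), loadSettingsSafe($token . '0'));
```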