Release date:
Updated on: 2012-11-01
Affected Systems:
TYPO3 Formhandler <= 1.4.0
Description:
--------------------------------------------------------------------------------
TYPO3 is an open-source Content Management System (CMS) and Content Management Framework (CMF).
The TYPO3 Formhandler extension, version 1.4.0 and earlier, contains multiple vulnerabilities. Some inputs are not properly filtered before being returned to users and used in SQL queries, so attackers can execute arbitrary HTML and script code in a user's browser in the context of the affected site. Exploiting this vulnerability requires editor permission for the Formhandler backend module.
Source: Sven Krewitt
Links:
http://secunia.com/advisories/51116/
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-012/
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
TYPO3
-----
TYPO3 has released Security Bulletin TYPO3-EXT-SA-2012-012 for this issue and the corresponding fixed version 1.4.1:
TYPO3-EXT-SA-2012-012: Several Vulnerabilities in extension Formhandler (formhandler)
Link: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-012/