Release date:
Updated on:
Affected Systems:
TYPO3 WEC Discussion Forum Extension 2.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 58054
TYPO3 WEC Discussion Forum is a third-party extension. It can be used to create a discussion area or blog, or to add comments to a page.
In WEC Discussion Forum versions earlier than 2.1.2, some input is used in SQL queries without being filtered. By injecting arbitrary SQL code, an attacker can manipulate those SQL queries.
<* Source: Florian Wessner
Link: http://secunia.com/advisories/52284/
http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2013-005/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
TYPO3
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://typo3.org/extensions/repository/view/wec_discussion/2.1.2/