Actu
Vigil@nce - TYPO3: five vulnerabilities
August 2012 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use five vulnerabilities of TYPO3, in order to
read data, to execute code, or to create a Cross Site Scripting.
Severity: 2/4
Creation date: 16/08/2012
IMPACTED PRODUCTS
– Debian Linux
– TYPO3
DESCRIPTION OF THE VULNERABILITY
Five vulnerabilities were announced in TYPO3.
An authenticated attacker can use view_help.php to unserialize an
object, in order to execute code. [severity:2/4; CVE-2012-3527]
An authenticated attacker can generate several Cross Site
Scripting in the backend. [severity:1/4; CVE-2012-3528]
An authenticated attacker, who is allowed to access to the
configuration module, can read the encryption key. [severity:1/4;
CVE-2012-3529]
An attacker can generate a Cross Site Scripting, even if
t3lib_div::RemoveXSS() and t3lib_div::quoteJSvalue() are used.
[severity:2/4; CVE-2012-3530]
An attacker can generate a Cross Site Scripting in the Install
Tool. [severity:2/4; CVE-2012-3531]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-five-vulnerabilities-11860
