Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

De la Théorie à la pratique





















Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: TYPO3, vulnerabilities of extensions

August 2009 by Vigil@nce

An attacker can use several vulnerabilities of TYPO3 extensions in order to obtain information, to generate a Cross Site Scripting or to inject SQL code.

Severity: 2/4

Consequences: user access/rights, client access/rights, data reading

Provenance: internet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 10

Creation date: 30/07/2009

IMPACTED PRODUCTS

- TYPO3

DESCRIPTION OF THE VULNERABILITY

An attacker can use several vulnerabilities of TYPO3 extensions.

An attacker can inject SQL code in the CoolURI (cooluri) extension. [grav:2/4; BID-35872]

An attacker can inject SQL code in the Reset backend password (cwt_resetbepassword) extension. [grav:2/4; BID-35876]

An attacker can inject SQL code in the datamints Newsticker (datamints_newsticker) extension. [grav:2/4; BID-35879]

An attacker can inject SQL code, and generate a Cross Site Scripting, in the Front End News Submitter (gb_fenewssubmit) extension. [grav:2/4; BID-35875]

An attacker can generate a Cross Site Scripting in the Mailform (mailform) extension. [grav:2/4; BID-35873]

An attacker can inject SQL code in the Myth download (myth_download) extension. [grav:2/4; BID-35881]

An attacker can inject SQL code in the Tour Extension (pm_tour) extension. [grav:2/4; BID-35880]

An attacker can generate a Cross Site Scripting in the Twitter Search (twittersearch) extension. [grav:2/4; BID-35874]

An attacker can obtain information via the Webesse E-Card (ws_ecard) extension. [grav:2/4; BID-35877]

An attacker can inject SQL code in the Webesse Image Gallery (ws_gallery) extension. [grav:2/4; BID-35878]

CHARACTERISTICS

Identifiers: BID-35872, BID-35873, BID-35874, BID-35875, BID-35876, BID-35877, BID-35878, BID-35879, BID-35880, BID-35881, TYPO3-SA-2009-010, VIGILANCE-VUL-8902

http://vigilance.fr/vulnerability/T...




See previous articles

    

See next articles