Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of TYPO3 extensions.

Impacted products: TYPO3 Extensions

Severity: 2/4

Creation date: 05/08/2013

DESCRIPTION OF THE VULNERABILITY

Several vulnerabilities were announced in TYPO3 extensions.

An attacker can use a SQL injection in Browser, in order to read
or alter data. [severity:2/4; BID-61656]

An attacker can use a SQL injection in Store Locator (locator), in
order to read or alter data. [severity:2/4; BID-61606]

An attacker can use a SQL injection in Faceted Search (ke_search),
in order to read or alter data. [severity:2/4; BID-61609]

An attacker can trigger a Cross Site Scripting in RealURL
Management (realurlmanagement), in order to execute JavaScript
code in the context of the web site. [severity:2/4; BID-61654]

An attacker can use a SQL injection in DB Integration (wfqbe), in
order to read or alter data. [severity:2/4; BID-61653]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/TYPO3-Extensions-multiple-vulnerabilities-13203