Vigil@nce - TYPO3 Extensions: multiple vulnerabilities
August 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use several vulnerabilities of TYPO3 extensions.
Impacted products: TYPO3 Extensions
Severity: 2/4
Creation date: 05/08/2013
DESCRIPTION OF THE VULNERABILITY
Several vulnerabilities were announced in TYPO3 extensions.
An attacker can use a SQL injection in Browser, in order to read
or alter data. [severity:2/4; BID-61656]
An attacker can use a SQL injection in Store Locator (locator), in
order to read or alter data. [severity:2/4; BID-61606]
An attacker can use a SQL injection in Faceted Search (ke_search),
in order to read or alter data. [severity:2/4; BID-61609]
An attacker can trigger a Cross Site Scripting in RealURL
Management (realurlmanagement), in order to execute JavaScript
code in the context of the web site. [severity:2/4; BID-61654]
An attacker can use a SQL injection in DB Integration (wfqbe), in
order to read or alter data. [severity:2/4; BID-61653]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-Extensions-multiple-vulnerabilities-13203