Vigil@nce: TYPO3, four vulnerabilities
March 2010 by Vigil@nce
An attacker can use four vulnerabilities of TYPO3, in order to
obtain information, to create a Cross Site Scripting, or to bypass
the authentication.
– Severity: 2/4
– Consequences: user access/rights, client access/rights, data
reading
– Provenance: internet client
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Number of vulnerabilities in this bulletin: 4
– Creation date: 23/02/2010
IMPACTED PRODUCTS
– TYPO3
DESCRIPTION OF THE VULNERABILITY
Four vulnerabilities were announced in TYPO3.
An attacker with a valid login can generate a Cross Site Scripting
on the backend. [severity:2/4]
An attacker with a valid login can use the sys_action task, in
order to obtain information about other users. [severity:2/4]
When TYPO3 uses PHP as CGI, an attacker can generate a Cross Site
Scripting on the frontend. [severity:2/4]
When the saltedpasswords extension is enabled, an attacker can
authenticate if he knows a hashed password. [severity:2/4]
CHARACTERISTICS
– Identifiers: BID-38366, TYPO3-SA-2010-004, VIGILANCE-VUL-9466
– Url: http://vigilance.fr/vulnerability/TYPO3-four-vulnerabilities-9466