Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce: TYPO3, vulnerabilities of extensions

February 2010 by Vigil@nce

SYNTHESIS OF THE VULNERABILITY

An attacker can use several vulnerabilities of TYPO3 extensions in
order to generate a Cross Site Scripting or to inject SQL code.

Severity: 2/4

Consequences: user access/rights, client access/rights, data
reading

Provenance: internet client

Means of attack: no proof of concept, no attack

Ability of attacker: expert (4/4)

Confidence: confirmed by the editor (5/5)

Diffusion of the vulnerable configuration: high (3/3)

Number of vulnerabilities in this bulletin: 7

Creation date: 01/02/2010

IMPACTED PRODUCTS

 TYPO3

DESCRIPTION OF THE VULNERABILITY

An attacker can use several vulnerabilities of TYPO3 extensions.

An attacker can generate SQL injections and Cross Site Scriptings
in the T3BLOG (t3blog) extension. [grav:2/4; BID-38030,
TYPO3-SA-2010-002]

An attacker can generate a SQL injection in the Event Manager
(eventmanagement) extension. [grav:2/4; TYPO3-SA-2010-003]

An attacker can generate a SQL injection in the Game Article DB
(game_articledb) extension. [grav:2/4; TYPO3-SA-2010-003]

An attacker can generate a SQL injection and a Cross Site
Scripting in the Simple career (ml_career) extension. [grav:2/4;
TYPO3-SA-2010-003]

An attacker can generate a SQL injection in the Surprise Calendar
(ml_surprisecalendar) extension. [grav:2/4; TYPO3-SA-2010-003]

An attacker can generate a Cross Site Scripting in the Search Api
Ajax Google (searchajaxgoogle) extension. [grav:2/4;
TYPO3-SA-2010-003]

An attacker can obtain information via the Download Manager
(spr_downloadmanager) extension. [grav:1/4; TYPO3-SA-2010-003]

CHARACTERISTICS

Identifiers: BID-38030, TYPO3-SA-2010-002, TYPO3-SA-2010-003,
VIGILANCE-VUL-9394

http://vigilance.fr/vulnerability/TYPO3-vulnerabilities-of-extensions-9394


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts