Freely subscribe to our NEWSLETTER

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can use two vulnerabilities of TYPO3 extensions in
order to inject SQL code.

– Severity: 2/4
– Creation date: 25/08/2011

IMPACTED PRODUCTS

– TYPO3

DESCRIPTION OF THE VULNERABILITY

Two vulnerabilities were announced in TYPO3 extensions.

An attacker can generate several SQL injections in the extension
Formhandler (formhandler). [severity:2/4; TYPO3-EXT-SA-2011-003]

An attacker can generate a Cross Site Scripting in the extension
Questionaire (pbsurvey). [severity:2/4; TYPO3-EXT-SA-2011-004]

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/TYPO3-vulnerabilities-of-extensions-10953