Vigil@nce: TYPO3, vulnerabilities of extensions
September 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use two vulnerabilities of TYPO3 extensions in order to inject SQL code.
Creation date: 25/08/2011
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in TYPO3 extensions.
An attacker can generate several SQL injections in the extension Formhandler (formhandler). [severity:2/4; TYPO3-EXT-SA-2011-003]
An attacker can generate a Cross Site Scripting in the extension Questionaire (pbsurvey). [severity:2/4; TYPO3-EXT-SA-2011-004]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN