Vigil@nce: TYPO3, vulnerabilities of extensions
September 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use two vulnerabilities in TYPO3 extensions in
order to inject SQL code or to perform a Cross Site Scripting.
– Severity: 2/4
– Creation date: 25/08/2011
IMPACTED PRODUCTS
– TYPO3
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in TYPO3 extensions.
An attacker can perform several SQL injections in the extension
Formhandler (formhandler). [severity:2/4; TYPO3-EXT-SA-2011-003]
An attacker can perform a Cross Site Scripting in the extension
Questionaire (pbsurvey). [severity:2/4; TYPO3-EXT-SA-2011-004]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-vulnerabilities-of-extensions-10953