Multiple security issues found in TYPO3 core

Categories: Security
Created by Helmut Hummel

It has been discovered that improper error handling could lead to cache flooding in TYPO3 Core and that the prepared statement database API potentially allows SQL injection.

Please read the advisories for a description of, and solutions to, all of the issues mentioned above:

TYPO3 Security Bulletin TYPO3-CORE-SA-2011-002: Potential SQL injection vulnerability in TYPO3 Core

TYPO3 Security Bulletin TYPO3-CORE-SA-2011-003: Improper error handling could lead to cache flooding in TYPO3 Core

 

In general, the TYPO3 Security Team recommends reading the following pages:

The TYPO3 Security Cookbook:
http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories for the TYPO3 Core:
http://typo3.org/teams/security/security-bulletins/typo3-core/