Component Type:
Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension is not part of TYPO3 default installations.
Affected Extension Name:
cmw_linklist
Version: 1.4.1 and earlier
Vulnerability Type: SQL injection
Severity: High
Problem Description:
An issue has been reported where a bug in the cmw_linklist extension allows SQL injection attacks. In specific situations, a remote offender can cause malicious database operations.
Solution:
An updated version of the extension can be found on typo3.org/extensions/repository/list/cmw_linklist/ or via Extension Manager. All users of this extension are strongly advised to immediatly update this extension.
TYPO3 13.4.10 and 12.4.29 maintenance releases published
The versions 13.4.10 and 12.4.29 of the TYPO3 Enterprise Content Management System have just been released.