TYPO3 Security Bulletin

An issue has been reported where a bug in the "cmw_linklist" extension allows SQL injection attacks. In specific situations, a remote offender can cause malicious database operations.

Component Type:
Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension is not part of TYPO3 default installations.

Affected Extension Name:
cmw_linklist

Version: 1.4.1 and earlier
Vulnerability Type: SQL injection
Severity: High

Problem Description:
An issue has been reported where a bug in the cmw_linklist extension allows SQL injection attacks. In specific situations, a remote offender can cause malicious database operations.

Solution:
An updated version of the extension can be found on typo3.org/extensions/repository/list/cmw_linklist/ or via Extension Manager. All users of this extension are strongly advised to immediatly update this extension.