Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 10th March, 2020
TYPO3-EXT-SA-2020-003: Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Magalone Flipbook for TYPO3" (magaloneflipbook) is susceptible to Remote Code Execution, Arbitrary File…
Read more
Tue. 10th March, 2020
TYPO3-EXT-SA-2020-002: Remote Code Execution in extension "PHPUnit" (phpunit)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "PHPUnit" (phpunit) is susceptible to Remote Code Execution.
Read more
Tue. 10th March, 2020
TYPO3-EXT-SA-2020-001: SQL Injection in extension "phpmyadmin" (phpmyadmin)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "phpmyadmin" (phpmyadmin) is susceptible to SQL Injection.
Read more
Tue. 17th December, 2019
TYPO3-EXT-SA-2019-023: CSRF in extension "femanager" (femanager)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site-Request-Forgery (CSRF).
Read more
Tue. 17th December, 2019
TYPO3-EXT-SA-2019-022: Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "femanager direct mail subscription" (femanager_dmail_subscribe) is susceptible to Privilege Escalation.
Read more
Tue. 17th December, 2019
TYPO3-EXT-SA-2019-021: Cross Site Scripting in extension "File List" (file_list)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "File List" (file_list) is susceptible to Cross Site Scripting.
Read more
Tue. 17th December, 2019
TYPO3-EXT-SA-2019-020: CSRF in extension "Change password for frontend users" (fe_change_pwd)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Change password for frontend users" (fe_change_pwd) is susceptible to Cross-Site-Request-Forgery (CSRF).
Read more
Tue. 17th December, 2019
TYPO3-EXT-SA-2019-019: Multiple vulnerabilities in extension "MKSamlAuth" (mksamlauth)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "MKSamlAuth" (mksamlauth) is susceptible to Broken Authentication and Authentication Bypass.
Read more
Tue. 17th December, 2019
TYPO3-CORE-SA-2019-026: Insecure Deserialization in Query Generator & Query View

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
Read more
Tue. 17th December, 2019
TYPO3-CORE-SA-2019-025: SQL Injection in low-level Query Generator

Categories: Development

Advisory type: TYPO3 CMS
Created by Oliver Hader

It has been discovered that TYPO3 CMS is vulnerable to SQL injection.
Read more

Security Advisories

TYPO3-EXT-SA-2020-003: Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook)

TYPO3-EXT-SA-2020-002: Remote Code Execution in extension "PHPUnit" (phpunit)

TYPO3-EXT-SA-2020-001: SQL Injection in extension "phpmyadmin" (phpmyadmin)

TYPO3-EXT-SA-2019-023: CSRF in extension "femanager" (femanager)

TYPO3-EXT-SA-2019-022: Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)

TYPO3-EXT-SA-2019-021: Cross Site Scripting in extension "File List" (file_list)

TYPO3-EXT-SA-2019-020: CSRF in extension "Change password for frontend users" (fe_change_pwd)

TYPO3-EXT-SA-2019-019: Multiple vulnerabilities in extension "MKSamlAuth" (mksamlauth)

TYPO3-CORE-SA-2019-026: Insecure Deserialization in Query Generator & Query View

TYPO3-CORE-SA-2019-025: SQL Injection in low-level Query Generator

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Certified Expertise

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links