Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 25th June, 2019
TYPO3-CORE-SA-2019-015: Cross-Site Scripting in Link Handling

Categories: Development

Advisory type: TYPO3 CMS
Created by Frank Nägler

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
Read more
Tue. 25th June, 2019
TYPO3-CORE-SA-2019-014: Information Disclosure in Backend User Interface

Categories: Development

Advisory type: TYPO3 CMS
Created by Andreas Fernandez

It has been discovered that TYPO3 CMS is susceptible to information disclosure.
Read more
Wed. 8th May, 2019
TYPO3-PSA-2019-008: By-passing protection of Phar Stream Wrapper Interceptor

Categories: Development

Advisory type: Public Service Announcements
Created by Oliver Hader

It has been discovered that the protection against insecure deserialization can be by-passed in Phar Stream Wrapper component.
Read more
Wed. 8th May, 2019
TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor

Categories: Development

Advisory type: Public Service Announcements
Created by Oliver Hader

It has been discovered that the protection against insecure deserialization can be by-passed in Phar Stream Wrapper component.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-013: SQL Injection in extension "comsolit Suggest" (comsolit_suggest)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "comsolit Suggest" (comsolit_suggest) is susceptible to SQL Injection.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-012: Arbitrary file Upload in extension "Yet Another Gallery" (yag)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Yet Another Gallery" (yag) is susceptible to Arbitrary File Upload.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-011: SQL Injection in extension "Event Calender" (pits_wd_calender)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Event Calender" (pits_wd_calender) is susceptible to SQL Injection.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-010: Cross Site Scripting in extension "Instagram" (ws_instagram)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Instagram" (ws_instagram) is susceptible to Cross Site Scripting.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-009: Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "gkh RSS Import" (gkh_rss_import) is susceptible to Cross Site Scripting.
Read more
Tue. 7th May, 2019
TYPO3-EXT-SA-2019-008: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Categories: Development

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.
Read more

Security Advisories

TYPO3-CORE-SA-2019-015: Cross-Site Scripting in Link Handling

TYPO3-CORE-SA-2019-014: Information Disclosure in Backend User Interface

TYPO3-PSA-2019-008: By-passing protection of Phar Stream Wrapper Interceptor

TYPO3-PSA-2019-007: By-passing protection of Phar Stream Wrapper Interceptor

TYPO3-EXT-SA-2019-013: SQL Injection in extension "comsolit Suggest" (comsolit_suggest)

TYPO3-EXT-SA-2019-012: Arbitrary file Upload in extension "Yet Another Gallery" (yag)

TYPO3-EXT-SA-2019-011: SQL Injection in extension "Event Calender" (pits_wd_calender)

TYPO3-EXT-SA-2019-010: Cross Site Scripting in extension "Instagram" (ws_instagram)

TYPO3-EXT-SA-2019-009: Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)

TYPO3-EXT-SA-2019-008: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links