Security Advisories

All Advisories

Subscribe to our Security Advisories Mailing List and receive Security Bulletins via E-Mail

Tue. 26th April, 2022
TYPO3-EXT-SA-2022-007: SQL Injection in extension "One is Enough Library" (oelib)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "One is Enough Library" (oelib) is susceptible to SQL Injection.
Read more
Tue. 26th April, 2022
TYPO3-EXT-SA-2022-006: SQL Injection in extension "Seminar Manager" (seminars)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Seminar Manager" (seminars) is susceptible to SQL Injection.
Read more
Tue. 26th April, 2022
TYPO3-EXT-SA-2022-005: Remote Code Execution in extension "Job portal" (psvneo_jobfair)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Job portal" (psvneo_jobfair) is susceptible to Remote Code Execution.
Read more
Tue. 22nd February, 2022
TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Oliver Hader

Third-party package enshrined/svg-sanitize, used by TYPO3 core packages, was susceptible to bypassing the sanitization strategy.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-004: File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Hardcoded text to Locallang" (mqk_locallangtools) is susceptible to File Content Injection.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Varnishcache" (varnishcache) is susceptible to Insecure direct object reference.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Bookdatabase" (extbookdatabase) is susceptible to Cross-Site Scripting.
Read more
Tue. 15th February, 2022
TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)

Categories: Development, Security

Advisory type: TYPO3 Extensions
Created by Torben Hansen

It has been discovered that the extension "Kitodo.Presentation" (dlf) is susceptible to Server-side request forgery.
Read more
Thu. 16th December, 2021
TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Torben Hansen

Components of TYPO3 CMS are based on PHP and are therefore not directly affected by the recent log4j vulnerabilities. However, additional services…
Read more
Thu. 16th December, 2021
TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters

Categories: Development, Security, TYPO3 CMS

Advisory type: Public Service Announcements
Created by Oliver Hader and Torben Hansen

It has been discovered that TYPO3 CMS is susceptible to cache poisoning.
Read more

Security Advisories

TYPO3-EXT-SA-2022-007: SQL Injection in extension "One is Enough Library" (oelib)

TYPO3-EXT-SA-2022-006: SQL Injection in extension "Seminar Manager" (seminars)

TYPO3-EXT-SA-2022-005: Remote Code Execution in extension "Job portal" (psvneo_jobfair)

TYPO3-PSA-2022-001: Sanitization bypass in SVG Sanitizer

TYPO3-EXT-SA-2022-004: File Content Injection in extension "Hardcoded text to Locallang" (mqk_locallangtools)

TYPO3-EXT-SA-2022-003: Insecure direct object reference in extension "Varnishcache" (varnishcache)

TYPO3-EXT-SA-2022-002: Cross-Site Scripting in extension "Bookdatabase" (extbookdatabase)

TYPO3-EXT-SA-2022-001: Server-side request forgery in extension "Kitodo.Presentation" (dlf)

TYPO3-PSA-2021-004: Statement on Recent log4j/log4shell Vulnerabilities (CVE-2021-44228)

TYPO3-PSA-2021-003: Mitigation of Cache Poisoning Caused by Untrusted URL Query Parameters

Information

Downloads

Community

Popular links

Professional Content Management

Inspire people to share

A Community Effort

Do you have a question?

Security Advisories

Information

Downloads

Community

Popular links