Security Bulletins for TYPO3 Extensions

Tue. 17th December, 2019

TYPO3-EXT-SA-2019-023: CSRF in extension "femanager" (femanager)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site-Request-Forgery (CSRF).

Tue. 17th December, 2019

TYPO3-EXT-SA-2019-022: Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "femanager direct mail subscription" (femanager_dmail_subscribe) is susceptible to Privilege Escalation.

Tue. 17th December, 2019

TYPO3-EXT-SA-2019-021: Cross Site Scripting in extension "File List" (file_list)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "File List" (file_list) is susceptible to Cross Site Scripting.

Tue. 17th December, 2019

TYPO3-EXT-SA-2019-020: CSRF in extension "Change password for frontend users" (fe_change_pwd)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Change password for frontend users" (fe_change_pwd) is susceptible to Cross-Site-Request-Forgery (CSRF).

Tue. 17th December, 2019

TYPO3-EXT-SA-2019-019: Multiple vulnerabilities in extension "MKSamlAuth" (mksamlauth)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "MKSamlAuth" (mksamlauth) is susceptible to Broken Authentication and Authentication Bypass.

Tue. 15th October, 2019

TYPO3-EXT-SA-2019-018: Remote Code Execution in extension "freeCap CAPTCHA" (sr_freecap)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "freeCap CAPTCHA" (sr_freecap) is susceptible to Remote Code Execution.

Tue. 15th October, 2019

TYPO3-EXT-SA-2019-017: Multiple vulnerabilities in extension "SLUB: Event Registration" (slub_events)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "SLUB: Event Registration" (slub_events) is susceptible to Remote Code Execution, Unrestricted File Upload…

Tue. 15th October, 2019

TYPO3-EXT-SA-2019-016: Information Disclosure in extension "Direct Mail" (direct_mail)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Information Disclosure.

Tue. 15th October, 2019

TYPO3-EXT-SA-2019-015: SQL Injection in extension "URL redirect" (url_redirect)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "URL redirect" (url_redirect) is susceptible to SQL Injection.

Tue. 25th June, 2019

TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.