Security Bulletins for TYPO3 Extensions

Tue. 15th October, 2019

TYPO3-EXT-SA-2019-015: SQL Injection in extension "URL redirect" (url_redirect)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "URL redirect" (url_redirect) is susceptible to SQL Injection.

Tue. 25th June, 2019

TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.

Tue. 7th May, 2019

TYPO3-EXT-SA-2019-013: SQL Injection in extension "comsolit Suggest" (comsolit_suggest)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "comsolit Suggest" (comsolit_suggest) is susceptible to SQL Injection.

Tue. 7th May, 2019

TYPO3-EXT-SA-2019-012: Arbitrary file Upload in extension "Yet Another Gallery" (yag)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Yet Another Gallery" (yag) is susceptible to Arbitrary File Upload.

Tue. 7th May, 2019

TYPO3-EXT-SA-2019-011: SQL Injection in extension "Event Calender" (pits_wd_calender)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Event Calender" (pits_wd_calender) is susceptible to SQL Injection.

Tue. 7th May, 2019

TYPO3-EXT-SA-2019-010: Cross Site Scripting in extension "Instagram" (ws_instagram)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Instagram" (ws_instagram) is susceptible to Cross Site Scripting.

Tue. 7th May, 2019

TYPO3-EXT-SA-2019-009: Cross Site Scripting in extension "gkh RSS Import" (gkh_rss_import)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "gkh RSS Import" (gkh_rss_import) is susceptible to Cross Site Scripting.

Tue. 7th May, 2019

TYPO3-EXT-SA-2019-008: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.

Tue. 7th May, 2019

TYPO3-EXT-SA-2019-007: Remote Code Execution in extension "ImageOptimizer" (imageoptimizer)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "ImageOptimizer" (imageoptimizer) is susceptible to Remote Code Execution.

Tue. 7th May, 2019

TYPO3-EXT-SA-2019-006: Open Redirect in extension "Hairu" (hairu)

Categories: Development

Advisory type: TYPO3 Extensions

Created by Torben Hansen

It has been discovered that the extension "Hairu" (hairu) is susceptible to an Open Redirect.