It has been discovered that the extension "Change password for frontend users" (fe_change_pwd) is susceptible to Cross-Site-Request-Forgery (CSRF).

It has been discovered that the extension "MKSamlAuth" (mksamlauth) is susceptible to Broken Authentication and Authentication Bypass.

It has been discovered that the extension "freeCap CAPTCHA" (sr_freecap) is susceptible to Remote Code Execution.

It has been discovered that the extension "SLUB: Event Registration" (slub_events) is susceptible to Remote Code Execution, Unrestricted File Upload…

It has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Information Disclosure.

It has been discovered that the extension "URL redirect" (url_redirect) is susceptible to SQL Injection.

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.

It has been discovered that the extension "comsolit Suggest" (comsolit_suggest) is susceptible to SQL Injection.

It has been discovered that the extension "Yet Another Gallery" (yag) is susceptible to Arbitrary File Upload.

It has been discovered that the extension "Event Calender" (pits_wd_calender) is susceptible to SQL Injection.