It has been discovered that improper error handling could lead to cache flooding in TYPO3 Core and that the prepared statement database API potentially allows SQL injection.
Please read the advisories for a description of, and solutions for, all of the above-mentioned issues:
TYPO3 Security Bulletin TYPO3-CORE-SA-2011-002: Potential SQL injection vulnerability in TYPO3 Core
In general, the TYPO3 Security Team recommends reading the following pages:
- The TYPO3 Security Guide: https://docs.typo3.org/m/typo3/reference-coreapi/main/en-us/Security/Index.html#security-guidelines
- Make sure you are subscribed to the TYPO3 Announce List: http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce
- See all TYPO3 security advisories