Component Type: Third Party Extension. The extension is not part of the
TYPO3 default installation.
Affected Components: chc_forum
Versions: 1.4.4 and earlier
Vulnerability Type: SQL injection
Severity: High
Problem Description:
A weakness in the way chc_forum displays forum messages has been
discovered that may be used to execute arbitrary SQL.
Solution:
An updated version (chc_forum version 1.4.5) can be found on the TER or via the Extension Manager. All users of this extension are advised to immediately install the update.
Credits: Thanks to Nickolas Shardin who discovered the vulnerability, thanks to Rupert Germann for notifying the security team, thanks to the extension author Zach Davis for providing an updated version of the extension immediately.