SECURITY-BULLETIN-TYPO3-20080611-1-MULTIPLE-VULNERABILITIES-IN-TYPO3-CORE: Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core

Categories: Security Created by Lars Houmark
It has been discovered that the default value of the TYPO3 configuration variable fileDenyPattern allows arbitrary code execution on Apache web servers. Besides that, the library fe_adminlib.inc allows Cross Site Scripting (XSS).

Please read the entire Security Bulletin here:

Security Bulletin TYPO3-20080611-1: Multiple vulnerabilities in TYPO3 Core


We also recommend that you subscribe to the TYPO3 Announce List to receive all future Security Bulletins and other important TYPO3 news.