Component Type:
Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension is not part of TYPO3 default installations.
Affected Extension Name:
cmw_linklist
Version: 1.4.1 and earlier
Vulnerability Type: SQL injection
Severity: High
Problem Description:
An issue has been reported where a bug in the cmw_linklist extension allows SQL injection attacks. In specific situations, a remote offender can cause malicious database operations.
Solution:
An updated version of the extension can be found on typo3.org/extensions/repository/list/cmw_linklist/ or via Extension Manager. All users of this extension are strongly advised to immediatly update this extension.
- Overview
- Features +
- Development Roadmap +
- Strategy
- Core Development
- Release News +
- Documentation
- Comparison Cards
- System Requirements
- Download & Install
- Getting Started
- Fluid Template Engine
- TYPO3 Community
- Events
- Meet the Community +
- Contribute / Get Involved +
- Teams & Committees +
- Values and Proceedings +
- Team Leader Meetings
- Data Protection Corner +
- Services +
- Communicate: Where and how
- User Groups
- StackOverflow
- Forum
- Chat (Slack)
- how to use Slack
- Regular Open Sprints
- You, me, and TYPO3!
- TYPO3 remote days
- Become an Association Member
- Get your My TYPO3 account
- Donate
- Mentorship
- Community Writers Program
- TYPO3 Development
- Academic
- Accessibility
- Best Practices
- Communication Coordination
- Community Expansion
- Content
- Content Types
- Documentation
- Education & Certification
- Localization
- Marketing
- Ombudsperson
- Security
- Server
- TYPO3 CMS Product Strategy Group
- typo3.org website
- User Experience (UX)