Skip to main navigation Skip to main content Skip to page footer
Become a Member

TYPO3-20051107-2: th_mailformplus

A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.

 

Component Type: Third Party Extension. This extension is third party code that has not been submitted to the TYPO3 extension review process yet. The extension is not part of TYPO3 default installations.

 

Affected Components: th_mailformplus

 

Versions: th_mailformplus versions 3.6.1 and earlier

Vulnerability Type: Potential Spam Abuse

Severity: Low

 

Problem Description:
A weakness in the form validation of th_mailformplus has been discovered that may be abused to inject additional recipients in mail forms.

 

Solution:

An updated version (th_mailformplus version 3.7.0) can be found on typo3.org/extensions/repository/list/th_mailformplus/ or via Extension Manager. All users of this extension are advised to immediatly update.

 

Credits:
Thanks to Joerg Schoppet for notifying us; thanks to Peter Luser for immediatly providing a fix.