TYPO3-20060501-1: TYPO3 Security Bulletin

A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL.

Component Type: Third Party Extension. The extension is not part of the TYPO3 default installation.

Affected Components: chc_forum

Versions: 1.4.4 and earlier

Vulnerability Type: SQL injection

Severity: High

Problem Description:
A weakness in the display of forum messages of chc_forum has been discovered that may be used to execute arbitrary SQL.

Solution:
An updated version (chc_forum version 1.4.5) can be found on typo3.org/extensions/repository/search/chc_forum/1.4.5/ or via the Extension Manager. All users of this extension are advised to immediately install the update.

Credits:
Thanks to Nickolas Shardin, who discovered the vulnerability; to Rupert Germann for notifying the security team; and to the extension author Zach Davis for immediately providing an updated version of the extension.