Component Type: Third party extension. This extension is not part of the TYPO3 default installation
Affected Versions: Version 0.1.2 and all versions below
Vulnerability Type: Incorrect authentication
Problem Description: Lacking authentication in some situations, the extension opens the possibility for uploading malicious scripts which could compromise the installation.
Solution: An updated version is available from the TYPO3 extension manager at
General advice: Follow the recommendations that are given in the TYPO3 SECURITY Guide.
Credits: Credits go to security team member Henning Pingel who discovered these issues and to Jean-David Gadina who is the author and fixed the issues.