TYPO3-20080416-1: Multiple vulnerabilities in extension de_phpot

It has been discovered that the extension de_phpot is vulnerable to multiple SQL Injection flaws and other types of security issues.

Component Type: Third party extension. This extension is not part of the TYPO3 default installation.

Affected Versions: All versions

Vulnerability Type: SQL Injection, Information Disclosure, Denial of Service

Severity: HIGH

Problem Description: The extension fails to properly sanitize several HTTP GET, POST and COOKIE variables, also user permission and authentication checks can partly be bypassed. As a consequence, it is possible to inject arbitrary SQL code into different query strings. It is also possible to gain access to information provided by the extension without being a legitimate backend user. Besides that, it is possible to cause PHP to be stuck in an infinite loop. This could be abused for denial of service attacks.

Solution: The author of the extension has been contacted but never replied. Therefore the extension was permanently removed from TER. Please disable the extension AND delete it from your TYPO3 installations.

Additional information: Besides de_phpot, the extension de_phpot_webbug has also been removed from TER. de_phpot_webbug extends de_phpot and can't be used as a stand alone extension.

General advice:
Follow the recommendations that are given in the TYPO3 SECURITY Guide.
Check the TYPO3 security bulletin page frequently for updates. The page is located at typo3.org/teams/security/security-bulletins/.

Credits: The issues were found by the TYPO3 Security Team member Henning Pingel.