TYPO3-EXT-SA-2011-015: Remote File Disclosure and Cross-Site Scripting vulnerability in extensions pmkshadowbox and pmkslimbox

It has been discovered that the extensions pmkshadowbox and pmkslimbox are vulnerable to Remote File Disclosure and Cross-Site Scripting.

Release Date: October 20, 2011

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Extension: pmkshadowbox

Affected Versions: Version 3.2.0 and all versions below

Vulnerability Type: Remote File Disclosure, Cross-Site Scripting

Severity: Critical

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:F/RL:OF/RC:C

Problem Description:  The download and print image functionality of this extension fails to properly validate and sanitize user provided filenames. This leads to a Cross-Site Scripting vulnerability in the print functionality. Additionally it is possible to download arbitrary files which are accessible by the webserver user through the download functionality.

Solution: An updated version 3.2.1 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/pmkshadowbox/3.2.1/. Users of the extension are advised to update the extension as soon as possible.

Extension: pmkslimbox

Affected Versions: Version 3.1.0 and all versions below

Vulnerability Type: Remote File Disclosure, Cross-Site Scripting

Severity: Critical

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:F/RL:U/RC:C

Problem Description: The download and print image functionality of this extension fails to properly validate and sanitize user provided filenames. This leads to a Cross-Site Scripting vulnerability in the print functionality. Additionally it is possible to download arbitrary files which are accessible by the webserver user through the download functionality.

Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension author will not provide updates for this extension any more. Please uninstall and delete the extension folder from your installation.
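The following is an added example, not code from pmkshadowbox, pmkslimbox or TYPO3 itself. It illustrates the two measures the problem descriptions above call for: confining a user-supplied filename to one directory before the download feature serves it, and escaping the filename before the print page reflects it into HTML. The image directory, the request parameter name "file", the web path prefix and all function names are assumptions made for the example.

```php
<?php
// Added example (not code from the affected extensions or from TYPO3).
// A handler that passes the raw request value straight to readfile() would serve
// any file the web server user can read; a print page that echoes the raw value
// into HTML would reflect attacker-controlled markup. Both are addressed below.
declare(strict_types=1);

// Directory the download feature is allowed to serve from (assumed path).
const IMAGE_DIR = '/var/www/html/fileadmin/images';

/**
 * Resolve a user-supplied filename to a path inside $baseDir, or return null.
 * Rejects traversal, absolute paths, NUL bytes, symlink escapes and non-images.
 */
function resolveDownloadPath(string $userFile, string $baseDir): ?string
{
    // NUL bytes can truncate the path in the underlying C library calls.
    if (strpos($userFile, "\0") !== false) {
        return null;
    }
    // Keep only the last path segment: drops '../' sequences and absolute prefixes.
    $name = basename($userFile);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // Allow a conservative character set and image extensions only.
    if (!preg_match('/^[A-Za-z0-9._-]+\.(jpe?g|png|gif)$/i', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false) {
        return null; // base directory missing, or the file does not exist
    }
    // Containment check after symlink resolution: the file must sit below $base.
    if (strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $path;
}

/** Download entry point: serves the file only if it resolves inside IMAGE_DIR. */
function sendDownload(string $userFile): void
{
    $path = resolveDownloadPath($userFile, IMAGE_DIR);
    if ($path === null) {
        http_response_code(404);
        exit;
    }
    header('Content-Type: application/octet-stream');
    header('X-Content-Type-Options: nosniff');
    // Use the validated basename in the header, never the raw request value.
    header('Content-Disposition: attachment; filename="' . basename($path) . '"');
    readfile($path);
}

/** Print view: the filename is reflected into HTML, so validate it and escape it. */
function renderPrintPage(string $userFile, string $webPrefix = '/fileadmin/images/'): string
{
    $path = resolveDownloadPath($userFile, IMAGE_DIR);
    if ($path === null) {
        return '<p>File not found.</p>';
    }
    $safeName   = htmlspecialchars(basename($path), ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $safePrefix = htmlspecialchars($webPrefix, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return '<img src="' . $safePrefix . $safeName . '" alt="' . $safeName . '">';
}

// Usage (assumed request parameter name 'file'):
// sendDownload((string)($_GET['file'] ?? ''));
// echo renderPrintPage((string)($_GET['file'] ?? ''));
```

The order of checks matters: basename() and the character whitelist reject malformed input early, and the realpath() comparison catches what they cannot see, such as a symlink inside the image directory pointing elsewhere. Escaping in the print view is applied to the validated name at the point it is written into HTML, which is the only place the encoding is known.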

General advice: Follow the recommendations that are given in the TYPO3 Security Cookbook. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via e-mail.