TYPO3-SA-2010-011: Vulnerability in extension 404 Error Page Handling (error_404_handling)

It has been discovered that the extension 404 Error Page Handling (error_404_handling) is susceptible to SQL Injection attacks.

Component Type: Third party extension. This extension is not part of the TYPO3 default installation.

Affected Versions: 0.1.1 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:C

Release Date: 14.04.2010

Problem Description: Because the extension fails to validate and sanitize user input, it is susceptible to SQL Injection: an attacker can manipulate the SQL queries it builds by injecting arbitrary SQL code.
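The following is an added illustration of the defect class named above, not code from the error_404_handling extension (the advisory does not publish the affected query). It contrasts a hypothetical 404 handler that concatenates the requested path into its WHERE clause with the same lookup done through a prepared statement. The table `tx_redirects`, its columns, the in-memory SQLite database and the sample rows are all constructed for the example.

```php
<?php
// Added example: a hypothetical redirect lookup for a 404 handler.
// In-memory SQLite stands in for the TYPO3 database; table, column
// names and rows are constructed for this demonstration.

function buildDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE tx_redirects (request_path TEXT, target TEXT)');
    $db->exec("INSERT INTO tx_redirects VALUES ('/old-page', '/new-page'), ('/internal', '/typo3/')");
    return $db;
}

// Vulnerable pattern: the request path is pasted into the SQL text, so any
// quote character in it terminates the string literal and the rest of the
// input is parsed as SQL.
function lookupRedirectVulnerable(PDO $db, string $requestPath): array {
    $sql = "SELECT target FROM tx_redirects WHERE request_path = '" . $requestPath . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the path is bound as a parameter, so the database
// always treats it as data and never as part of the statement.
function lookupRedirectSafe(PDO $db, string $requestPath): array {
    $stmt = $db->prepare('SELECT target FROM tx_redirects WHERE request_path = :path');
    $stmt->execute([':path' => $requestPath]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = buildDb();

// A normal request: both variants return the single matching row.
echo "normal/vulnerable: " . json_encode(lookupRedirectVulnerable($db, '/old-page')) . "\n";
echo "normal/safe:       " . json_encode(lookupRedirectSafe($db, '/old-page')) . "\n";

// A constructed path carrying a quote and a tautology. The vulnerable
// variant's WHERE clause now matches every row; the safe variant looks
// for a path that literally contains the quote and finds nothing.
$hostile = "/missing' OR '1'='1";
echo "hostile/vulnerable: " . json_encode(lookupRedirectVulnerable($db, $hostile)) . "\n";
echo "hostile/safe:       " . json_encode(lookupRedirectSafe($db, $hostile)) . "\n";
```

Run it with `php example.php` (requires the PDO SQLite driver). In TYPO3 4.x extensions, which use `$GLOBALS['TYPO3_DB']` rather than PDO, the equivalent hardening is to pass every string value through `fullQuoteStr()` and every numeric id through `intval()` before it reaches `exec_SELECTquery()` and friends; until a fixed release of this extension exists, the advisory's own mitigation of uninstalling it is the only reliable option.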

Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. At the time of writing, we don't know of a security update of the extension regarding the existing vulnerability, since we have been unable to get in contact with the author. For the time being please uninstall this extension and delete all files belonging to it from your TYPO3 installation. Should the author decide to reply to our request and provide a fixed version, the extension could return to the TYPO3 Extension Repository.

General advice: Follow the recommendations that are given in the TYPO3 Security Cookbook. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.

Credits: Credits go to Frederic Gaus, who discovered and reported the issue.