Security Advisories

TYPO3-CORE-SA-2020-001: Information Disclosure in Password Reset

12.05.2020

It has been discovered that TYPO3 CMS is susceptible to information disclosure.

TYPO3-EXT-SA-2020-005: Multiple vulnerabilities in extension "Direct Mail" (direct_mail)

12.05.2020

It has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Denial of Service, Broken Access Control, Open Redirect and…

TYPO3-EXT-SA-2020-004: SQL Injection in extension "phpMyAdmin" (phpmyadmin)

12.05.2020

It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to SQL Injection.

TYPO3-EXT-SA-2020-003: Multiple vulnerabilities in extension "Magalone Flipbook for TYPO3" (magaloneflipbook)

10.03.2020

It has been discovered that the extension "Magalone Flipbook for TYPO3" (magaloneflipbook) is susceptible to Remote Code Execution, Arbitrary File…

TYPO3-EXT-SA-2020-002: Remote Code Execution in extension "PHPUnit" (phpunit)

10.03.2020

It has been discovered that the extension "PHPUnit" (phpunit) is susceptible to Remote Code Execution.

TYPO3-EXT-SA-2020-001: SQL Injection in extension "phpmyadmin" (phpmyadmin)

10.03.2020

It has been discovered that the extension "phpmyadmin" (phpmyadmin) is susceptible to SQL Injection.

TYPO3-EXT-SA-2019-023: CSRF in extension "femanager" (femanager)

17.12.2019

It has been discovered that the extension "femanager" (femanager) is susceptible to Cross-Site-Request-Forgery (CSRF).

TYPO3-EXT-SA-2019-022: Privilege Escalation in extension "femanager direct mail subscription" (femanager_dmail_subscribe)

17.12.2019

It has been discovered that the extension "femanager direct mail subscription" (femanager_dmail_subscribe) is susceptible to Privilege Escalation.

TYPO3-EXT-SA-2019-021: Cross Site Scripting in extension "File List" (file_list)

17.12.2019

It has been discovered that the extension "File List" (file_list) is susceptible to Cross Site Scripting.

TYPO3-EXT-SA-2019-020: CSRF in extension "Change password for frontend users" (fe_change_pwd)

17.12.2019

It has been discovered that the extension "Change password for frontend users" (fe_change_pwd) is susceptible to Cross-Site-Request-Forgery (CSRF).

TYPO3-EXT-SA-2019-019: Multiple vulnerabilities in extension "MKSamlAuth" (mksamlauth)

17.12.2019

It has been discovered that the extension "MKSamlAuth" (mksamlauth) is susceptible to Broken Authentication and Authentication Bypass.

TYPO3-CORE-SA-2019-026: Insecure Deserialization in Query Generator & Query View

17.12.2019

It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.

TYPO3-CORE-SA-2019-025: SQL Injection in low-level Query Generator

17.12.2019

It has been discovered that TYPO3 CMS is vulnerable to SQL injection.

TYPO3-CORE-SA-2019-024: Directory Traversal on ZIP extraction

17.12.2019

It has been discovered that TYPO3 CMS is vulnerable to directory traversal.

TYPO3-CORE-SA-2019-023: Cross-Site Scripting in Filelist Module

17.12.2019

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.

TYPO3-CORE-SA-2019-022: Cross-Site Scripting in Link Handling

17.12.2019

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting in Link Handling.

TYPO3-CORE-SA-2019-021: Cross-Site Scripting in Form Framework validation handling

17.12.2019

It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.

TYPO3-PSA-2019-011: Possible Insecure Deserialization in Extbase Request Handling

17.12.2019

It has been discovered that TYPO3 CMS can be vulnerable to insecure deserialization.

TYPO3-PSA-2019-010: Cross-Site Scripting Vulnerabilities in File Upload Handling

17.12.2019

It has been discovered that TYPO3 is susceptible to cross-site scripting.

TYPO3-PSA-2019-009: Truncated passwords during authentication process on typo3.org services

30.10.2019

It has been discovered that passwords were truncated during authentication process on typo3.org services.