Security Advisories
All Advisories
TYPO3-CORE-SA-2019-025: SQL Injection in low-level Query Generator
It has been discovered that TYPO3 CMS is vulnerable to SQL injection.
TYPO3-CORE-SA-2019-024: Directory Traversal on ZIP extraction
It has been discovered that TYPO3 CMS is vulnerable to directory traversal.
TYPO3-CORE-SA-2019-023: Cross-Site Scripting in Filelist Module
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2019-022: Cross-Site Scripting in Link Handling
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting in Link Handling.
TYPO3-CORE-SA-2019-021: Cross-Site Scripting in Form Framework validation handling
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-PSA-2019-011: Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that TYPO3 CMS can be vulnerable to insecure deserialization.
TYPO3-PSA-2019-010: Cross-Site Scripting Vulnerabilities in File Upload Handling
It has been discovered that TYPO3 is susceptible to cross-site scripting.
TYPO3-PSA-2019-009: Truncated passwords during authentication process on typo3.org services
It has been discovered that passwords were truncated during the authentication process on typo3.org services.
TYPO3-EXT-SA-2019-018: Remote Code Execution in extension "freeCap CAPTCHA" (sr_freecap)
It has been discovered that the extension "freeCap CAPTCHA" (sr_freecap) is susceptible to Remote Code Execution.
TYPO3-EXT-SA-2019-017: Multiple vulnerabilities in extension "SLUB: Event Registration" (slub_events)
It has been discovered that the extension "SLUB: Event Registration" (slub_events) is susceptible to Remote Code Execution, Unrestricted File Upload…
TYPO3-EXT-SA-2019-016: Information Disclosure in extension "Direct Mail" (direct_mail)
It has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Information Disclosure.
TYPO3-EXT-SA-2019-015: SQL Injection in extension "URL redirect" (url_redirect)
It has been discovered that the extension "URL redirect" (url_redirect) is susceptible to SQL Injection.
TYPO3-EXT-SA-2019-014: Multiple vulnerabilities in extension "phpMyAdmin" (phpmyadmin)
It has been discovered that the extension "phpMyAdmin" (phpmyadmin) is susceptible to Arbitrary file read and SQL injection.
TYPO3-CORE-SA-2019-020: Insecure Deserialization in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to insecure deserialization.
TYPO3-CORE-SA-2019-019: Arbitrary Code Execution and Cross-Site Scripting in Backend API
It has been discovered that TYPO3 CMS is vulnerable to arbitrary code execution and cross-site scripting.
TYPO3-CORE-SA-2019-018: Security Misconfiguration in Frontend Session Handling
It has been discovered that TYPO3 CMS is susceptible to security misconfiguration.
TYPO3-CORE-SA-2019-017: Broken Access Control in Import Module
It has been discovered that TYPO3 CMS is susceptible to broken access control.
TYPO3-CORE-SA-2019-016: Possible deserialization side-effects in symfony/cache
It has been discovered that a third-party dependency used by TYPO3 CMS is susceptible to being used during insecure deserialization.
TYPO3-CORE-SA-2019-015: Cross-Site Scripting in Link Handling
It has been discovered that TYPO3 CMS is vulnerable to cross-site scripting.
TYPO3-CORE-SA-2019-014: Information Disclosure in Backend User Interface
It has been discovered that TYPO3 CMS is susceptible to information disclosure.