Security Advisories
All Advisories
TYPO3-EXT-SA-2018-006: Captcha bypass in extension "Front End User Registration" (sr_feuser_register)
It has been discovered that the extension "Front End User Registration" (sr_feuser_register) is susceptible to Captcha bypass.
TYPO3-EXT-SA-2018-005: Environment Variable Injection in extension "AWS SDK for PHP" (aws_sdk_php)
It has been discovered that the extension "AWS SDK for PHP" (aws_sdk_php) is susceptible to Environment Variable Injection.
TYPO3-EXT-SA-2018-004: Cross-site scripting vulnerability in extension "Powermail" (powermail)
It has been discovered that the extension "Powermail" (powermail) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2018-003: Environment Variable Injection in extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3)
It has been discovered that the extension "Amazon AWS S3 FAL driver (CDN)" (aus_driver_amazon_s3) is susceptible to Environment Variable Injection.
TYPO3-EXT-SA-2018-002: Missing Access Check in extension "Register to tt_address" (registeraddress)
It has been discovered that the extension "Register to tt_address" (registeraddress) has a missing access check.
TYPO3-EXT-SA-2018-001: Cross-Site Scripting in extension "Heise Shariff" (rx_shariff)
It has been discovered that the extension "Heise Shariff" (rx_shariff) is susceptible to Cross-Site Scripting.
TYPO3-CORE-SA-2018-004: Insecure Deserialization in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Insecure Deserialization.
TYPO3-CORE-SA-2018-003: Privilege Escalation & SQL Injection in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Privilege Escalation and SQL Injection.
TYPO3-CORE-SA-2018-002: Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Insecure Deserialization & Arbitrary Code Execution.
TYPO3-CORE-SA-2018-001: Authentication Bypass in TYPO3 CMS
It has been discovered that TYPO3 CMS is vulnerable to Authentication Bypass.
TYPO3-EXT-SA-2017-020: Cross Site-Scripting in extension "Caretaker" (caretaker)
It has been discovered that the extension "Caretaker" (caretaker) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-019: Multiple vulnerabilities in extension "JobControl" (dmmjobcontrol)
It has been discovered that the extension "JobControl" (dmmjobcontrol) is susceptible to SQL Injection and Cross-Site Scripting.
TYPO3-EXT-SA-2017-018: Multiple vulnerabilities in extension "DRC News Comment" (news_comment)
It has been discovered that the extension "DRC News Comment" (news_comment) is susceptible to Arbitrary Code Execution and Cross-Site Scripting.
TYPO3-EXT-SA-2017-017: Authentication Bypass in extension "Frontend User Registration" (sf_register)
It has been discovered that the extension "Frontend User Registration" (sf_register) is vulnerable to Authentication Bypass.
TYPO3-EXT-SA-2017-016: SQL Injection in extension "Download Center" (pits_downloadcenter)
It has been discovered that the extension "Download Center" (pits_downloadcenter) is susceptible to SQL Injection.
TYPO3-EXT-SA-2017-015: Cross Site-Scripting in extension "Smallads" (ke_smallads)
It has been discovered that the extension "Smallads" (ke_smallads) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-014: Cross Site-Scripting in extension "Multishop" (multishop)
It has been discovered that the extension "Multishop" (multishop) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-013: Cross Site-Scripting in extension "CAB FAL search" (falsearch)
It has been discovered that the extension "CAB FAL search" (falsearch) is susceptible to Cross-Site Scripting.
TYPO3-EXT-SA-2017-012: Arbitrary File Disclosure in extension "restler" (restler)
It has been discovered that the extension "restler" (restler) is susceptible to Arbitrary File Disclosure.
TYPO3-EXT-SA-2017-011: Cross Site-Scripting in extension "Formhandler" (formhandler)
It has been discovered that the extension "Formhandler" (formhandler) is susceptible to Cross-Site Scripting.