-
TYPO3-EXT-SA-2024-002: Authentication Bypass in "OpenID Connect Authentication" (oidc)
Categories: DevelopmentAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "OpenID Connect Authentication" (oidc) is susceptible to Authentication Bypass.
-
TYPO3-EXT-SA-2024-001: Broken Access Control in extension "Event management and registration" (sf_event_mgt)
Categories: Development, SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "Event management and registration" (sf_event_mgt) is susceptible to Broken Access Control.
-
TYPO3-CORE-SA-2024-006: Improper Access Control Persisting File Abstraction Layer Entities via Data Handler
Categories: Development, TYPO3 CMSAdvisory type: TYPO3 CMSRead moreIt has been discovered that TYPO3 CMS is susceptible to information disclosure.
-
TYPO3-CORE-SA-2024-005: Improper Access Control of Resources Referenced by t3:// URI Scheme
Categories: Development, TYPO3 CMSAdvisory type: TYPO3 CMSRead moreIt has been discovered that TYPO3 CMS is susceptible to information disclosure.
-
TYPO3-CORE-SA-2024-004: Information Disclosure of Encryption Key in TYPO3 Install Tool
Categories: Development, TYPO3 CMSAdvisory type: TYPO3 CMSRead moreIt has been discovered that TYPO3 CMS is susceptible to information disclosure.
-
TYPO3-CORE-SA-2024-003: Information Disclosure of Hashed Passwords in TYPO3 Backend Forms
Categories: Development, TYPO3 CMSAdvisory type: TYPO3 CMSRead moreIt has been discovered that TYPO3 CMS is susceptible to information disclosure.
-
TYPO3-CORE-SA-2024-002: Code Execution in TYPO3 Install Tool
Categories: Development, TYPO3 CMSAdvisory type: TYPO3 CMSRead moreIt has been discovered that TYPO3 CMS is vulnerable to code execution.
-
TYPO3-CORE-SA-2024-001: Path Traversal in TYPO3 File Abstraction Layer Storages
Categories: Development, TYPO3 CMSAdvisory type: TYPO3 CMSRead moreIt has been discovered that TYPO3 CMS is susceptible to path traversal.
-
TYPO3-EXT-SA-2023-011: Configuration Injection in extension "Direct Mail" (direct_mail)
Categories: Development, SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "Direct Mail" (direct_mail) is susceptible to Configuration Injection.
-
TYPO3-EXT-SA-2023-010: Broken Access Control in extension "femanager" (femanager)
Categories: Development, SecurityAdvisory type: TYPO3 ExtensionsRead moreIt has been discovered that the extension "femanager" (femanager) is susceptible to Broken Access Control.