The Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
vulnerability note 9394
TYPO3: vulnerabilities of extensions
Synthesis of the vulnerability
An attacker can exploit several vulnerabilities in TYPO3 extensions in order to trigger a Cross Site Scripting or to inject SQL code.
Severity: 2/4.
Creation date: 01/02/2010.
Description of the vulnerability
An attacker can exploit several vulnerabilities in TYPO3 extensions.
An attacker can perform SQL injections and Cross Site Scripting attacks in the T3BLOG (t3blog) extension. [severity:2/4; BID-38030, TYPO3-SA-2010-002]
An attacker can perform a SQL injection in the Event Manager (eventmanagement) extension. [severity:2/4; TYPO3-SA-2010-003]
An attacker can perform a SQL injection in the Game Article DB (game_articledb) extension. [severity:2/4; TYPO3-SA-2010-003]
An attacker can perform a SQL injection and a Cross Site Scripting attack in the Simple career (ml_career) extension. [severity:2/4; TYPO3-SA-2010-003]
An attacker can perform a SQL injection in the Surprise Calendar (ml_surprisecalendar) extension. [severity:2/4; TYPO3-SA-2010-003]
An attacker can trigger a Cross Site Scripting in the Search Api Ajax Google (searchajaxgoogle) extension. [severity:2/4; TYPO3-SA-2010-003]
An attacker can obtain information via the Download Manager (spr_downloadmanager) extension. [severity:1/4; TYPO3-SA-2010-003]
Complete Vigil@nce bulletin
Characteristics
Title: TYPO3: vulnerabilities of extensions.
Keywords: Ajax Api Article Calendar Cross Download Event Game Google Manager SQL Scripting Scriptings Search Simple Site Surprise T3BLOG TYPO3 TYPO3-SA-2010-002 TYPO3-SA-2010-003 extensions game_articledb ml_career ml_surprisecalendar spr_downloadmanager t3blog vulnerabilities.
Identifiers: BID-38030, TYPO3-SA-2010-002, TYPO3-SA-2010-003, VIGILANCE-VUL-9394.
Solutions for this vulnerability
Supplements
Vulnerability: T3BLOG (t3blog)
An attacker can perform SQL injections and Cross Site Scripting attacks in the T3BLOG (t3blog) extension.
Severity: 2/4.
Identifiers: BID-38030, TYPO3-SA-2010-002.
Vulnerability: Event Manager (eventmanagement)
An attacker can perform a SQL injection in the Event Manager (eventmanagement) extension.
Severity: 2/4.
Identifiers: TYPO3-SA-2010-003.
Vulnerability: Game Article DB (game_articledb)
An attacker can perform a SQL injection in the Game Article DB (game_articledb) extension.
Severity: 2/4.
Identifiers: TYPO3-SA-2010-003.
Vulnerability: Simple career (ml_career)
An attacker can perform a SQL injection and a Cross Site Scripting attack in the Simple career (ml_career) extension.
Severity: 2/4.
Identifiers: TYPO3-SA-2010-003.
Vulnerability: Surprise Calendar (ml_surprisecalendar)
An attacker can perform a SQL injection in the Surprise Calendar (ml_surprisecalendar) extension.
Severity: 2/4.
Identifiers: TYPO3-SA-2010-003.
Vulnerability: Search Api Ajax Google (searchajaxgoogle)
An attacker can trigger a Cross Site Scripting in the Search Api Ajax Google (searchajaxgoogle) extension.
Severity: 2/4.
Identifiers: TYPO3-SA-2010-003.
Vulnerability: Download Manager (spr_downloadmanager)
An attacker can obtain information via the Download Manager (spr_downloadmanager) extension.
Severity: 1/4.
Identifiers: TYPO3-SA-2010-003.
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams to vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.