| Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them. |
|
 |
|
|
|
vulnerability alert CVE-2009-4701 CVE-2009-4702 CVE-2009-4703
TYPO3: vulnerabilities of extensions
Synthesis of the vulnerability
| An attacker can use several vulnerabilities of TYPO3 extensions in order to generate a Cross Site Scripting or to inject SQL code. |
Severity: 2/4.
Creation date: 16/03/2010.
|
Description of the vulnerability
Several vulnerabilities were announced in TYPO3 extensions.
SQL injections and Cross Site Scriptings impact:
"mm_forum" (mm_forum)
"Brainstorming" (brainstorming)
"Power Extension Manager" (ch_lightem)
"Sellector.com Widget Integration" (chsellector)
"Educator" (educator)
"MK Wastebasket" (mk_wastebasket)
"myDashboard" (mydashboard)
"CleanDB" (nf_cleandb)
"Diocese of Portsmouth Database" (pd_diocesedatabase)
"Reports Logfile View" (reports_logview)
"SAV Filter Alphabetic" (sav_filter_abc)
"SAV Filter Selectors" (sav_filter_selectors)
"SAV Filter Months" (sav_filter_months)
"Book Reviews" (sk_bookreview)
"Simple Gallery" (sk_simplegallery)
"Typo3 Quixplorer" (t3quixplorer)
"TYPO3 Security - Salted user password hashes" (t3sec_saltedpw)
"UserTask Center, recent" (taskcenter_recent)
"TGM-Newsletter" (tgm_newsletter)
"CleanDB - DBAL" (tmsw_cleandb)
"Meet Travelmates" (travelmate)
"YATSE - Yet another TYPO3 search engine" (yatse)
An attacker can therefore use several vulnerabilities of TYPO3 extensions in order to generate a Cross Site Scripting or to inject SQL code. |
Complete Vigil@nce bulletin
Characteristics
Title: TYPO3: vulnerabilities of extensions.
Keywords: Alphabetic Book Brainstorming Center CleanDB Cross DBAL Database Diocese Educator Extension Filter Gallery Integration Logfile Manager Meet Months Portsmouth Power Quixplorer Reports Reviews SAV SQL Salted Scripting Scriptings Security Selectors Sellector Simple Site TGM-Newsletter TYPO3 Travelmates Typo3 UserTask View Wastebasket Widget YATSE Yet ch_lightem extensions mk_wastebasket mm_forum myDashboard nf_cleandb pd_diocesedatabase reports_logview sav_filter_abc sav_filter_months sav_filter_selectors sk_bookreview sk_simplegallery t3quixplorer t3sec_saltedpw taskcenter_recent tgm_newsletter tmsw_cleandb vulnerabilities.
Identifiers: 2010031610000043, BID-38789, BID-38792, BID-38795, BID-38796, BID-38797, BID-38798, BID-38799, BID-38800, BID-38801, BID-38802, BID-38803, BID-38804, BID-38805, BID-38806, BID-38808, BID-38810, BID-38811, BID-38812, BID-38816, BID-38818, BID-38823, BID-38825, CVE-2009-4701, CVE-2009-4702, CVE-2009-4703, CVE-2009-4704, CVE-2009-4705, CVE-2009-4706, CVE-2009-4707, CVE-2009-4708, CVE-2009-4709, CVE-2009-4710, CVE-2009-4711, CVE-2010-1004, CVE-2010-1005, CVE-2010-1006, CVE-2010-1007, CVE-2010-1008, CVE-2010-1009, CVE-2010-1010, CVE-2010-1011, CVE-2010-1012, CVE-2010-1013, CVE-2010-1014, CVE-2010-1015, CVE-2010-1016, CVE-2010-1017, CVE-2010-1018, CVE-2010-1019, CVE-2010-1020, CVE-2010-1021, CVE-2010-1022, CVE-2010-1023, CVE-2010-1024, CVE-2010-1025, CVE-2010-1026, CVE-2010-1027, TYPO3-SA-2010-006, TYPO3-SA-2010-007, VIGILANCE-VUL-9516.
|
Information sources
Solutions for this vulnerability
Computer vulnerabilities tracking service
The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerability database
|
