The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Vulnerability of TYPO3 tt_news: code execution via Unserialize

Synthesis of the vulnerability

An attacker can unserialize data of TYPO3 tt_news, in order to execute code.
Severity of this threat: 2/4.
Creation date: 12/02/2014.
Références of this weakness: CVE-2014-6290, TYPO3-EXT-SA-2014-003, VIGILANCE-VUL-14234.

Description of the vulnerability

An attacker can unserialize data of TYPO3 tt_news, in order to execute code.
Full Vigil@nce bulletin... (Free trial)

This cybersecurity threat impacts software or systems such as TYPO3 Extensions ~ not comprehensive.

Our Vigil@nce team determined that the severity of this computer threat note is medium.

The trust level is of type confirmed by the editor, with an origin of internet client.

An attacker with a expert ability can exploit this security threat.

Solutions for this threat

TYPO3 tt_news: version 3.5.2.
The version 3.5.2 is fixed:
  http://typo3.org/extensions/repository/download/tt_news/3.5.2/t3x/
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a cybersecurity workaround. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.