TYPO3 Security Bulletin
A bug has been discovered in the "Front End News Submitter" fenews where SQL injection is not safely prevented and thus malicious SQL commands are potentially possible. Since the RTE enabled version fertenews is derived from fenews, it is affected as well. Component Type: Third Party Extension...