7 matches found
TYPO3-EXT-SA-2026-012: SQL Injection in extension "Address List" (tt_address)
More info at https://typo3.org/security/advisory/typo3-ext-sa-2026-012...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to improper resetting of the generated MFA code after successful authentication. An attacker can gain unauthorized access by submitting an empty string as the MFA code in subsequent...
Command Injection
Overview nitsan/ns-backup is an extension for TYPO3 that lets you save your code, files, and database with just a few clicks. Install Backup Plus and connect it to your cloud storage like Google Drive, Dropbox, Amazon S3, SFTP, Rsync, etc.. Affected versions of this package are vulnerable to...
Cross-site Request Forgery (CSRF)
Overview Affected versions of this package are vulnerable to Cross-site Request Forgery CSRF via the backend user interface functionality involving deep links. An attacker can manipulate the session and perform unauthorized actions. Note: This is only exploitable if the...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the file upload functionality. An attacker can execute arbitrary code by uploading a file with a crafted extension and then accessing it through unspecified vectors. Remediation Upgrade in2code/powermail to...
Improper Authentication
Overview Affected versions of this package are vulnerable to Improper Authentication via unspecified vectors which allows an attacker to bypass the CAPTCHA protection mechanism. Remediation Upgrade in2code/powermail to version 2.0.11 or higher. References - Typo3 Advisory Credit: Jigal van Hemert...
Cross-Site Scripting in 3rd party library Flowplayer
More info at https://typo3.org/security/advisory/typo3-core-sa-2015-007...