Skip to main navigation Skip to main content Skip to page footer
main logo main logo

Two third party TYPO3 extensions found insecure

24 September 2008 ยท Lars Houmark 
Dear users of TYPO3,

The extensions phpMyAdmin (phpmyadmin) and freeCap CAPTCHA  
(sr_freecap) have been found insecure.
Please see the below two bulletins in order to read the details of  
each security incident.

TYPO3-20080924-1: Cross-Site Scripting vulnerability in extension  
phpMyAdmin (phpmyadmin):
http://typo3.org/teams/security/security-bulletins/typo3-20080924-1/

TYPO3-20080924-2: Cross-Site Scripting vulnerability in extension  
freeCap CAPTCHA (sr_freecap):
http://typo3.org/teams/security/security-bulletins/typo3-20080924-2/

In general the TYPO3 Security Team recommends you to read the  
following pages.

The TYPO3 Security Cookbook:
http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security bulletins:
http://typo3.org/teams/security/security-bulletins/


Regards,

Lars Houmark
lars@typo3.org
Back to list