
Vulnerabilities in multiple third party TYPO3 CMS extensions

19 December 2017 · Nicole Cordes
Dear TYPO3 users,

Several vulnerabilities have been found in the following third party TYPO3
extensions:

 

"Smallads" (ke_smallads)

"Download Center" (pits_downloadcenter)

"Frontend User Registration" (sf_register)

"DRC News Comment" (news_comment)

"JobControl" (dmmjobcontrol)

"Caretaker" (caretaker)

 

For further information on the issues, please read the related advisories
TYPO3-EXT-SA-2017-015, TYPO3-EXT-SA-2017-016, TYPO3-EXT-SA-2017-017,
TYPO3-EXT-SA-2017-018, TYPO3-EXT-SA-2017-019 and TYPO3-EXT-SA-2017-020, which
were published today:

 

TYPO3-EXT-SA-2017-015: Cross-Site Scripting in extension "Smallads"
(ke_smallads)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-015/

 

TYPO3-EXT-SA-2017-016: SQL Injection in extension "Download Center"
(pits_downloadcenter)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-016/

 

TYPO3-EXT-SA-2017-017: Authentication Bypass in extension "Frontend User
Registration" (sf_register)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-017/

 

TYPO3-EXT-SA-2017-018: Multiple vulnerabilities in extension "DRC News
Comment" (news_comment)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-018/

 

TYPO3-EXT-SA-2017-019: Multiple vulnerabilities in extension "JobControl"
(dmmjobcontrol)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-019/

 

TYPO3-EXT-SA-2017-020: Cross-Site Scripting in extension "Caretaker"
(caretaker)

https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-020/
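A quick way to find out whether an installation is concerned by any of the six advisories above is to inventory the installed extension keys and match them against the list. The following script is an added example, not code from the TYPO3 Security Team or from the affected extensions. It assumes a classic installation where every extension lives in its own directory under typo3conf/ext/ (directory name = extension key) and, for composer-based installations, that TER extensions appear in composer.lock under the "typo3-ter/" vendor with dashes instead of underscores; both assumptions are labelled in the code, and the composer.lock content shown is constructed sample data. Because this announcement does not state fixed versions, the check reports presence only and points to the advisory for the fix.

```python
"""Flag installed TYPO3 extensions named in TYPO3-EXT-SA-2017-015 .. -020.

Added example, not TYPO3 project code. Assumptions (not stated on the page):
  * typo3conf/ext/<extension_key>/ holds one directory per extension;
  * composer.lock lists TER extensions as "typo3-ter/<key-with-dashes>".
"""
import json
import os
from typing import Dict, List

# Advisory-to-extension-key mapping taken from the announcement itself.
ADVISORIES: Dict[str, str] = {
    "ke_smallads": "TYPO3-EXT-SA-2017-015",
    "pits_downloadcenter": "TYPO3-EXT-SA-2017-016",
    "sf_register": "TYPO3-EXT-SA-2017-017",
    "news_comment": "TYPO3-EXT-SA-2017-018",
    "dmmjobcontrol": "TYPO3-EXT-SA-2017-019",
    "caretaker": "TYPO3-EXT-SA-2017-020",
}
BULLETIN_BASE = "https://typo3.org/teams/security/security-bulletins/typo3-extensions/"


def keys_from_ext_dir(ext_dir: str) -> List[str]:
    """Extension keys of a classic install: each subdirectory of
    typo3conf/ext is one extension and its name is the extension key
    (assumption, see module docstring)."""
    if not os.path.isdir(ext_dir):
        return []
    return sorted(
        name for name in os.listdir(ext_dir)
        if os.path.isdir(os.path.join(ext_dir, name))
    )


def keys_from_composer_lock(lock_json: str) -> List[str]:
    """Extension keys of a composer install, read from composer.lock.
    Assumes TER packages are named typo3-ter/<key> with dashes where the
    extension key uses underscores (assumption, see module docstring)."""
    data = json.loads(lock_json)
    keys = []
    for pkg in data.get("packages", []):
        name = pkg.get("name", "")
        if name.startswith("typo3-ter/"):
            keys.append(name.split("/", 1)[1].replace("-", "_"))
    return sorted(keys)


def affected(installed: List[str]) -> List[Dict[str, str]]:
    """Return one record per installed extension that has an advisory."""
    hits = []
    for key in installed:
        if key in ADVISORIES:
            advisory = ADVISORIES[key]
            hits.append({
                "extension": key,
                "advisory": advisory,
                "url": BULLETIN_BASE + advisory.lower() + "/",
            })
    return hits


# Constructed sample composer.lock (not a real installation).
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "typo3/cms-core"},
        {"name": "typo3-ter/sf-register"},
        {"name": "typo3-ter/news-comment"},
        {"name": "georgringer/news"},
    ]
})


def main() -> None:
    installed = keys_from_composer_lock(SAMPLE_COMPOSER_LOCK)
    installed += keys_from_ext_dir("typo3conf/ext")  # empty unless run in a site root
    for hit in affected(installed):
        print(f"{hit['extension']}: see {hit['advisory']} at {hit['url']}")


if __name__ == "__main__":
    main()
```

Run it from the site root so that typo3conf/ext is picked up as well; a hit means the extension is installed, not necessarily that a vulnerable version is active, so compare the installed version against the linked advisory before deciding whether to update or uninstall.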

 

In general, the TYPO3 Security Team recommends reading the following pages:

 

The TYPO3 Security Guide:

https://docs.typo3.org/typo3cms/SecurityGuide/

 

Make sure you are subscribed to the TYPO3 Announce List:

http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

 

See all TYPO3 security advisories:

https://typo3.org/teams/security/security-bulletins/

 

 

Regards,

 

Nicole Cordes

Member of the TYPO3 Security Team

 

--

TYPO3 Security Team homepage: https://typo3.org/teams/security/

 

E-Mail: security@typo3.org