Security issues in TYPO3 extension Commerce and several other third party extensions

20 October 2008 · Henning Pingel

Dear users of TYPO3,

Security issues have been discovered in the following third party TYPO3
extensions:

Commerce (commerce),
JobControl (dmmjobcontrol),
Econda Plugin (econda),
Frontend Users View (feusersview),
Mannschaftsliste (kiddog_playerlist),
M1 Intern (m1_intern),
Simple survey (simplesurvey),
Page Improvements (sm_pageimprovements)

For further information, please read the following bulletins:

TYPO3 Collective Security Bulletin TYPO3-20081020-1: Several
vulnerabilities in third party extensions:
<http://typo3.org/teams/security/security-bulletins/typo3-20081020-1>

TYPO3 Security Bulletin TYPO3-20081020-2: SQL Injection in extension
Commerce (commerce):
<http://typo3.org/teams/security/security-bulletins/typo3-20081020-2>

In general, the TYPO3 Security Team recommends reading the following pages:

The TYPO3 Security Cookbook:
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>

Make sure you are subscribed to the TYPO3 Announce List:
<http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce>

You can find all TYPO3 security bulletins at:
<http://typo3.org/teams/security/security-bulletins>

Regards,

Henning Pingel
henning@typo3.org