
Vulnerabilities in multiple third party TYPO3 CMS extensions

12 February 2014 · TYPO3 Security Team
Dear TYPO3 users,

Several vulnerabilities have been found in the following third party TYPO3
extensions:

mm_forum (mm_forum)
News (tt_news)
Direct Mail Subscription (direct_mail_subscription)
Yet Another Gallery (yag)
Tools for Extbase development (pt_extbase)

Alphabetic Sitemap (alpha_sitemap)
femanager (femanager)
Statistics (ke_stats)
External links click statistics (outstats)
TYPO3 Security / Intrusion Detection System (px_phpids)
smarty (smarty)
WEC Map (wec_map)


For further information on the issue in the extension mm_forum (mm_forum), please read the related advisory TYPO3-EXT-SA-2014-001 that was published today: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-001/

For further information on the issue in the extension News (tt_news), please read the related advisory TYPO3-EXT-SA-2014-003 that was published today: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-003/

For further information on the issue in the extension Direct Mail Subscription (direct_mail_subscription), please read the related advisory TYPO3-EXT-SA-2014-004 that was published today: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-004/

For further information on the issue in the extensions Yet Another Gallery (yag) and Tools for Extbase development (pt_extbase), please read the related advisory TYPO3-EXT-SA-2014-005 that was published today: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/


The Collective Security Bulletin TYPO3-EXT-SA-2014-002 for the remaining extensions was also published today: http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-002/



In general, the TYPO3 Security Team recommends reading the following pages:

The TYPO3 Security Guide:
http://docs.typo3.org/typo3cms/SecurityGuide/

Make sure you are subscribed to the TYPO3 Announce List:
http://lists.typo3.org/cgi-bin/mailman/listinfo/typo3-announce

See all TYPO3 security advisories:
http://typo3.org/teams/security/security-bulletins/



Regards,

Helmut Hummel
Leader of the TYPO3 Security Team

--
TYPO3 Security Team homepage: http://typo3.org/teams/security/

E-Mail: security@typo3.org