Bug#692775: TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core

Thu, 08 Nov 2012 09:54:25 -0800 

Package: typo3-src
Severity: critical
Tags: security


It has been discovered that TYPO3 Core is vulnerable to SQL Injection,
Information Disclosure and Cross-Site Scripting

Component Type: TYPO3 Core

Affected Versions: 4.5.0 up to 4.5.20, 4.6.0 up to 4.6.13, 4.7.0 up to
4.7.5 and development releases of the 6.0 branch.
Vulnerability Types: SQL Injection, Cross-Site Scripting, Information
Disclosure
Overall Severity: Medium
Release Date: November 8, 2012



Vulnerable subcomponent: TYPO3 Backend History Module


Vulnerability Type: SQL Injection, Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:C/I:C/A:N/E:F/RL:O/RC:C

Problem Description: Due to missing encoding of user input, the history
module is susceptible to SQL Injection and Cross-Site Scripting. A valid
backend login is required to exploit this vulnerability.


Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:O/RC:C

Problem Description: Due to a missing access check, regular editors
could see the history view of arbitrary records, only by forging a
proper URL for the History Module. A valid backend login is required to
exploit this vulnerability.



Vulnerable subcomponent: TYPO3 Backend API


Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:F/RL:O/RC:C

Problem Description: Failing to properly HTML-encode user input the tree
render API (TCA-Tree) is susceptible to Cross-Site Scripting. TYPO3
Versions below 6.0 does not make us of this API, thus is not
exploitable, if no third party extension is installed which uses this
API. A valid backend login is required to exploit this vulnerability.


Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:N/I:P/A:N/E:P/RL:O/RC:C

Problem Description: Failing to properly encode user input, the function
menu API is susceptible to Cross-Site Scripting. A valid backend login
is required to exploit this vulnerability.


-- 
 MfG, Christian Welzel

  GPG-Key:     http://www.camlann.de/de/pgpkey.html
  Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to