Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

TYPO3-EXT-SA-2012-003 – t3extplorer

TYPO3-EXT-SA-2012-003

Original Release Date: February 23, 2012

Vendor: TYPO3 Extensions

Product: TYPO3 CMS - eXtplorer (t3extplorer)

Affected Versions

Extension versions:

  • 0.0.2 (all)
  • No update made available

Vulnerability Type: Path Traversal

Overall Severity: Low

Problem Description

Failure to sanitize URL parameters leads to path traversal.

Impact

TYPO3 installations that use this extension are vulnerable to path traversal.

Vendor Response

The creator of this third-party extension did not respond to requests to patch the issue. As a result, the extension has been removed from the TYPO3 Extension Repository until a fix is made available.

Credit(s)

Credits go to Chris John Riley who discovered and reported this issue.
