Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

TYPO3-EXT-SA-2012-003 – t3extplorer

TYPO3-EXT-SA-2012-003

Original Release Date: February, 23 2012

Vendor: TYPO3 Extensions

Product: TYPO3 CMS - eXtplorer (t3extplorer)

Affected Versions

Extension versions:

  • 0.0.2 (all)
  • No update made available

Vulnerability Type: Path Traversal

Overall Severity: Low

Problem Description

Failure to sanitize URL parameters leads to path traversal.

Impact

TYPO3 installations that use this extension are vulnerable to path traversal.

Vendor Response

The creator of this 3rd party extension did not respond to requests to patch the issue. As a result the extension has been removed from the TYPO3 Extension Repository until such a fix is made available.

Credit(s)

Credits go to Chris John Riley who discovered and reported this issue.

References

Follow

Get every new post delivered to your Inbox.

Join 118 other followers

%d bloggers like this: