Because we're damned if we do, and we're damned if we don't!
Original Release Date: February, 23 2012
Vendor: TYPO3 Extensions
Product: TYPO3 CMS – eXtplorer (t3extplorer)
- 0.0.2 (all)
- No update made available
Vulnerability Type: Path Traversal
Overall Severity: Low
Failure to sanitize URL parameters leads to path traversal.
TYPO3 installations that use this extension are vulnerable to path traversal.
The creator of this 3rd party extension did not respond to requests to patch the issue. As a result the extension has been removed from the TYPO3 Extension Repository until such a fix is made available.
Credits go to Chris John Riley who discovered and reported this issue.
- TYPO3 Security Bulletin TYPO3-EXT-SA-2012-003