Cатсн²² (in)sесuяitу / ChrisJohnRiley
Because we're damned if we do, and we're damned if we don't!
TYPO3-EXT-SA-2012-003 – t3extplorer
TYPO3-EXT-SA-2012-003
Original Release Date: February 23, 2012
Vendor: TYPO3 Extensions
Product: TYPO3 CMS – eXtplorer (t3extplorer)
Affected Versions
Extension versions:
- 0.0.2 (all)
- No update made available
Vulnerability Type: Path Traversal
Overall Severity: Low
Problem Description
Failure to sanitize URL parameters leads to path traversal.
Impact
TYPO3 installations that use this extension are vulnerable to path traversal.
Vendor Response
The creator of this third-party extension did not respond to requests to patch the issue. As a result, the extension has been removed from the TYPO3 Extension Repository until a fix is made available.
Credit(s)
Credits go to Chris John Riley who discovered and reported this issue.
References
- TYPO3 Security Bulletin TYPO3-EXT-SA-2012-003
<http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2012-003/>