On Tuesday it was announced that seven TYPO3 extensions in the TER contain security vulnerabilities. If these extensions are used in production, a prompt update is recommended to close the holes. The extensions are:

  • "File manager" (ameos_filemanager)
  • "T3Blog Extbase" (t3extblog)
  • "Recommend page " (pb_recommend_page)
  • "Formhandler" (formhandler)
  • "restler" (restler)
  • "CAB FAL search" (falsearch)
  • "Multishop" (multishop)

 

All the details can also be found here:

TYPO3-EXT-SA-2017-008: Multiple vulnerabilities in extension "File manager" (ameos_filemanager)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-008/

TYPO3-EXT-SA-2017-009: Cross Site-Scripting in extension "T3Blog Extbase" (t3extblog)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-009/

TYPO3-EXT-SA-2017-010: Cross Site-Scripting in extension "Recommend page " (pb_recommend_page)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-010/

TYPO3-EXT-SA-2017-011: Cross Site-Scripting in extension "Formhandler" (formhandler)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-011/

TYPO3-EXT-SA-2017-012: Arbitrary File Disclosure in extension "restler" (restler)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-012/

TYPO3-EXT-SA-2017-013: Cross Site-Scripting in extension "CAB FAL search" (falsearch)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-013/

TYPO3-EXT-SA-2017-014: Cross Site-Scripting in extension "Multishop" (multishop)
https://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2017-014/