Vigil@nce: TYPO3, two vulnerabilities
September 2011 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can inject SQL data or fill the cache of TYPO3.
– Severity: 2/4
– Creation date: 14/09/2011
IMPACTED PRODUCTS
– TYPO3
DESCRIPTION OF THE VULNERABILITY
Two vulnerabilities were announced in TYPO3.
When the cache is disabled with disableNoCacheParameter, an
attacker can indirectly fill it, in order to create a denial of
service. [severity:2/4; BID-49622, TYPO3-CORE-SA-2011-003]
When an application uses a prepared SQL statement which contains
at least two parameters, an attacker can inject data into the SQL
query. [severity:2/4; BID-49628, TYPO3-CORE-SA-2011-002]
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/TYPO3-two-vulnerabilities-10992