
TYPO3 Security: Multiple vulnerabilities in extension ve_guestbook (07.08.2007)

From: Lars Houmark

Dear users of TYPO3,

It has been discovered that the extension ve_guestbook is vulnerable
to SQL Injection attacks. Also, a Cross Site Scripting issue has been
detected.

==== Component Type ====
Third party extension. This extension is not part of the TYPO3
default installation.

==== Affected Versions ====
Version 1.9.3 and below

==== Vulnerability Type ====
SQL Injection, Cross Site Scripting

==== Severity ====
HIGH.
We have received indications that the flaw is already being
actively exploited.

==== Problem Description ====
Some versions of the extension are exposed to SQL injection because
they fail to properly sanitize user-supplied input. In addition,
some versions do not properly prevent Cross Site Scripting attacks.

==== Solution ====
An updated version is available from the TYPO3 extension manager and at
typo3.org/extensions/reposito...estbook/2.0.0/

==== General advice ====
Follow the recommendations that are given in the TYPO3 Security
Cookbook [1].
Take notice of the TYPO3 security bulletin page [2].

==== Annotation ====
The TYPO3 Security Team wishes to clarify that we have not yet
been able to get in touch with the author, nor to accomplish a formal
review of the extension. This advisory is being published nevertheless,
because we have received indications that the flaw is already being
actively exploited.

[1] typo3.org/fileadmin/security-team/
typo3_security_cookbook_v-0.5.pdf
[2] typo3.org/teams/security/security-bulletins/

Regards,

Lars Houmark
lars(at)typo3.org
