In association with heise online

25 February 2010, 14:38

Security update for TYPO3 released

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The TYPO3 developers have closed several holes in their content management system. The current versions are now 4.2.12 and 4.3.2. In their security bulletin, the developers say that the previous version's backend may disclose other users' non-public data to attackers who hold valid accounts. Furthermore, both the frontend and the backend are vulnerable to various cross-site scripting attacks.

If the "saltedpasswords" extension is installed in versions 4.3.0 and 4.3.1, the frontend potentially even grants access to unauthenticated attackers – ironically, this particularly affects security-conscious administrators. TYPO3 admins are, therefore, advised to install the update as soon as possible.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit