DSA-2646-1 typo3-src -- severalID: oval:org.secpod.oval:def:600993 | Date: (C)2013-03-19 (M)2022-10-10 |
Class: PATCH | Family: unix |
Typo3, a PHP-based content management system, was found vulnerable to several vulnerabilities. CVE-2013-1842 Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model. This can lead to SQL injection by a malicious user inputing crafted relation values. CVE-2013-1843 Missing user input validation in the access tracking mechanism could lead to arbitrary URL redirection. Note: the fix will break already published links