Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 allows remote attackers to obtain sensitive information or possibly execute arbitrary code via a crafted Extbase action.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Typo3 | Typo3 | * | 6.2.23 (including) |
| Typo3 | Typo3 | 7.0.0 (including) | 7.0.0 (including) |
| Typo3 | Typo3 | 7.0.2 (including) | 7.0.2 (including) |
| Typo3 | Typo3 | 7.1.0 (including) | 7.1.0 (including) |
| Typo3 | Typo3 | 7.2.0 (including) | 7.2.0 (including) |
| Typo3 | Typo3 | 7.3.0 (including) | 7.3.0 (including) |
| Typo3 | Typo3 | 7.3.1 (including) | 7.3.1 (including) |
| Typo3 | Typo3 | 7.4.0 (including) | 7.4.0 (including) |
| Typo3 | Typo3 | 7.5.0 (including) | 7.5.0 (including) |
| Typo3 | Typo3 | 7.6.0 (including) | 7.6.0 (including) |
| Typo3 | Typo3 | 7.6.1 (including) | 7.6.1 (including) |
| Typo3 | Typo3 | 7.6.2 (including) | 7.6.2 (including) |
| Typo3 | Typo3 | 7.6.3 (including) | 7.6.3 (including) |
| Typo3 | Typo3 | 7.6.4 (including) | 7.6.4 (including) |
| Typo3 | Typo3 | 7.6.5 (including) | 7.6.5 (including) |
| Typo3 | Typo3 | 7.6.6 (including) | 7.6.6 (including) |
| Typo3 | Typo3 | 7.6.7 (including) | 7.6.7 (including) |
| Typo3 | Typo3 | 7.6.8 (including) | 7.6.8 (including) |
| Typo3 | Typo3 | 8.1.1 (including) | 8.1.1 (including) |
| Typo3-src | Ubuntu | precise | * |
| Typo3-src | Ubuntu | trusty | * |
References
- http://www.openwall.com/lists/oss-security/2016/05/25/4
- http://www.openwall.com/lists/oss-security/2016/05/26/2
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
- http://www.openwall.com/lists/oss-security/2016/05/25/4
- http://www.openwall.com/lists/oss-security/2016/05/26/2
- https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/